compose-spec VS nerdctl

Specification: https://compose-spec.io

https://github.com/compose-spec/compose-spec/blob/master/spe...

There are a number of incorrect statements in this post.

1) One should neither be using the "latest" nor just the "version" tag as the version can still vary depending on when it is pulled.

Instead, one should use a combination of version + hash, say alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1 for reproducibility reasons. This provides for human readable versions as well as the specific hash.

2) Next, afaik, Compose has removed the need for version tags. All of the compose.yml files that I now use do not specify versions.

See https://github.com/compose-spec/compose-spec/blob/master/04-...

Docker Compose v2 specifications provide a useful Secrets feature which may also be used for standalone Compose Application Stacks and not just in Docker Swarm mode. With Docker Secrets the environment variables that contain credentials for other subsystems are mounted into the Telegraf Container as files. These secret files are read through the Docker Secret Store plugin and passed to the respective plugins in a relatively safe manner. By using the Docker Secret Store Plugin, one can also avoid credentials that were previously visible via environment variables, to be now hidden behind runtime secret files within the container. Standard Method with Environment Variables As an example, it is possible to pass the credentials to a plugin via the environment variable placeholder in a telegraf configuration file where the credentials for a plugin exist in a .env file (e.g. MQTT input Plugin)

also the docker-compose.yml file is very picky about what you have in it and where. Please read this so you know how to format it https://github.com/compose-spec/compose-spec/blob/master/spec.md

As part my quadlet helper tool, podlet, I'm adding functionality to convert compose files into k8s yaml to use with quadlet as an alternative to creating a bunch of separate quadlet files, which I've also added functionality for. So I would like to be able to transform the options on compose volumes into k8s yaml. For example, using the volume.podman.io/driver annotation to change the volume driver for a specific volume if possible.

If you find this helpful feature, please leave your feedback and suggestions here.

The compose spec will give what you need. https://github.com/compose-spec/compose-spec/blob/master/spec.md

Indeed, as per the compose-spec a lot of what was version specific is going away

Hello everyone, I just made a tool to visualize compose files, and all the parsing rules follow the [compose-spec](https://github.com/compose-spec/compose-spec/blob/master/spec.md). I hope this tool will help you :D

What about the docker-cli? colima also ships with a docker-compatible cli to interact with containerd called nerdctl. We can execute the same docker cli commands like:

Using nerdctl: https://github.com/containerd/nerdctl

I'd really disagree that compose files are somehow one-shot, or blindly modified. To the contrary, really, we have them checked in with the source code. Upon deployment to the cluster, the (running) services will be intelligently updated or replaced (in a rolling manner, causing zero downtime). LXC might be more elegant, but I have no idea what simple, file-based format I could use to let engineers describe the environment their app should run in without compose.

I need something that even junior devs can start up with a single command, that can be placed in the VCS along with the code, and that will not require deep Linux knowledge to get running. Open for suggestions here, really.

Now since Kubernetes works off of containerd I'll be taking a different approach on handling container builds by using nerdctl and the buildkit that comes bundled with it. I'll do this on the amd64 control plane node since it's beefier than my Raspberry Pi workers for handling builds and build related services. Go ahead and download and unpack the latest nerdctl release as of writing (make sure to check the release page in case there's a new one):

That's why nerdctl, their cli binary, is so well named.

Well, it is indeed a good option. However, containerd is a good alternative that is growing even among developers. Please see: https://github.com/containerd/nerdctl

Nerdctl/containerd has IPFS support :)

https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md

nerdctl supports IPFS for both image pulling and pushing, including encrypted images and eStargz lazy pulling. For building, the current method is a locally hosted translator so that the traditional pulls can be converted to work over IPFS. They even have docs on running it on k8s node, though if my reading is correct this isn't exactly a cloud native approach (running systemd services on each node...).