nerdctl VS Harbor

What about the docker-cli? colima also ships with a docker-compatible cli to interact with containerd called nerdctl. We can execute the same docker cli commands like:

Using nerdctl: https://github.com/containerd/nerdctl

I'd really disagree that compose files are somehow one-shot, or blindly modified. To the contrary, really, we have them checked in with the source code. Upon deployment to the cluster, the (running) services will be intelligently updated or replaced (in a rolling manner, causing zero downtime). LXC might be more elegant, but I have no idea what simple, file-based format I could use to let engineers describe the environment their app should run in without compose.

I need something that even junior devs can start up with a single command, that can be placed in the VCS along with the code, and that will not require deep Linux knowledge to get running. Open for suggestions here, really.

Now since Kubernetes works off of containerd I'll be taking a different approach on handling container builds by using nerdctl and the buildkit that comes bundled with it. I'll do this on the amd64 control plane node since it's beefier than my Raspberry Pi workers for handling builds and build related services. Go ahead and download and unpack the latest nerdctl release as of writing (make sure to check the release page in case there's a new one):

That's why nerdctl, their cli binary, is so well named.

Well, it is indeed a good option. However, containerd is a good alternative that is growing even among developers. Please see: https://github.com/containerd/nerdctl

Nerdctl/containerd has IPFS support :)

https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md

nerdctl supports IPFS for both image pulling and pushing, including encrypted images and eStargz lazy pulling. For building, the current method is a locally hosted translator so that the traditional pulls can be converted to work over IPFS. They even have docs on running it on k8s node, though if my reading is correct this isn't exactly a cloud native approach (running systemd services on each node...).

Now that you know a little more about Cosign, Notary, and DCT, we will take it one step further by using one of these tools: Cosign. For this example, we will use the simple Docker registry:2 reference image to run a simple registry. In a real-world scenario, a managed registry such as Harbor, Amazon ECR, Docker Hub, etc.

Have a look at harbor, you can also use it to follow the same methods for helm charts etc.

Or for something more advanced https://goharbor.io/

Look at https://goharbor.io/

You can host your own image repo if your feeling feisty. Harbor is a graduated project from the CNCF and they are also working on a new implementation called Dragonfly. https://goharbor.io/

Does anybody know whether there could be something like an open/libre container registry?

Maybe the cloud native foundation or the linux foundation could provide something like this to prevent vendor lock-ins?

I was coincidentially trying out harbor again over the last days, and it seems nice as a managed or self-hosted alternative. [1] after some discussions we probably gonna go with that, because we want to prevent another potential lock-in with sonarpoint's nexus.

Does anybody have similar migration plans?

[1] https://goharbor.io

2) Harbor instance registry

Does it HAVE to be those types of packages, have you thought of using containers instead and thus open the options for more types of storage like https://goharbor.io/ ?