Our great sponsors
-
-
nerdctl
contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
Moby
The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
lmctfy
Discontinued lmctfy is the open source version of Google’s container stack, which provides Linux application containers.
-
registry.k8s.io
This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
-
-
-
-
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
> And since podman doesn't have an official repo like docker,
Hmm... https://github.com/containers/podman
I found that on: https://podman.io/ so, I'm pretty sure it's official.
We are even using Docker Hub to store and distribute VM images...
https://github.com/kubevirt/kubevirt/blob/main/containerimag...
We had a prototype Docker/BuildKit registry using IPFS at Netflix built by Edgar.
https://github.com/xenitAB/spegel
I have avoided a couple of incidents caused by images being removed or momentarily not reachable with it. It would at least mitigate any immediate issues caused by images being removed from Docker Hub.
This was the proposed PR that is summarized in that article: https://github.com/moby/moby/pull/10411
if you did `docker tag supersecret/app:latest && docker push` instead of `docker tag registry.corp.com/supersecret/app:latest` guess where your code just went?
Same on the pull side, if you wanted your corp's ubuntu base rather than just `docker pull ubuntu`.
https://github.com/hercules-ci/arion which allow docker-compose
Probably. You still need to store and serve the data somewhere of course but for even moderately successful open source organizations they will likely find volunteer mirrors. The nice thing about IPFS is that new people can start mirroring content without any risk or involvement, new mirrors are auto-discovered, like bittorrent.
It seems like the docker registry format isn't completely static so I don't think you can just use a regular HTTP gateway to access but there is https://github.com/ipdr/ipdr which seems to be a docker registry built on IPFS.
> We'd still need a registry for mapping the image name to CID, along with users/teams/etc.
IPNS is fairly good for this. You can use a signing key to get a stable ID for your images or if you want a short memorable URL you can publish a DNS record and get /ipns/docker.you.example/.
Of course now you have pushed responsibility of access control to your DNS or by who has access to the signing key.
Interestingly, https://www.freedesktop.org/wiki/Software/systemd/#spelling says...
> But then again, if [calling it systemd] appears too simple to you, call it (but never spell it!) System Five Hundred since D is the roman numeral for 500 (this also clarifies the relation to System V, right?).
Indeed. While I do maintain two of them, that maintenance is effectively equivalent to being an open source maintainer or open source contributor. I do not have any non-public knowledge about the Docker Official Images program. My interaction with the Docker Official Images program can be summed up as “my PRs to docker-library/official-images” (https://github.com/docker-library/official-images/pulls/TimW...) and the #docker-library IRC channel on Libera.Chat.
One annoyance with how docker images are specified is they include the location where they are stored. So if you want to change where you store you image you break everyone.
I wonder if what regsitry.k8s.io does could be generalized:
https://github.com/kubernetes/registry.k8s.io/blob/main/cmd/...
The idea is the depending on which cloud you are pulling the image from, they will use the closest blob store to service the request. This also has the effect that you could change the source of truth for the registry without breaking all Dockerfiles.
Does anybody know whether there could be something like an open/libre container registry?
Maybe the cloud native foundation or the linux foundation could provide something like this to prevent vendor lock-ins?
I was coincidentially trying out harbor again over the last days, and it seems nice as a managed or self-hosted alternative. [1] after some discussions we probably gonna go with that, because we want to prevent another potential lock-in with sonarpoint's nexus.
Does anybody have similar migration plans?
Switched to Multipass (https://multipass.run/) and run docker with portainer on my Mac there.
Hit me up if you want to discuss using BitTorrent to back images. https://github.com/anacrolix/torrent
https://github.com/google/go-containerregistry/tree/main/cmd...
It was recommended in this article:
> Base images will continue to be patched/updated, and you need those to keep your own images up to date. Unless the suggestion is to build all images, from the bottom up, from scratch.
If docker pushes people to that, hopefully more reproducible solutions like nix and it's ux friendly "porcelains" such as https://devenv.sh/ gain market share.
You might be interested in Devbox (http://jetpack.io/devbox)! We built Devbox because we were frustrated with our Docker based dev environments, and our goal is to provide the power of Nix with a more accessible interface (similar to yarn or other package managers).
We're open source and rapidly adding features, you can check us out on Github at https://github.com/jetpack-io/devbox
https://github.com/docker/roadmap/issues/44
So, at the moment, any public organization images are doomed to be lost, if they won't pay.
If you are using containerd then you might find the "hosts" section of the configuration file useful: https://github.com/containerd/containerd/blob/main/docs/host...
level (/nix/store/)
Yes, for cache hits to happen it has to be this way as far as I remember.
There is a project called nix-portable though that I've seen some HPC users report success with: