27 dépôts
Management of container image registries to enable precise version tracking and rollbacks.
Distinguishing note: Focuses on registry-based image persistence for rollbacks rather than general image storage.
Explore 27 awesome GitHub repositories matching devops & infrastructure · Container Image Versioning. Refine with filters or upvote what's useful.
Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
Enables manual rollbacks by tracking unique container images for every successful deployment.
This project is a Docker educational resource and a collection of practical examples designed for learning containerization technologies. It serves as a guide for understanding container fundamentals, including the creation and management of custom images and the use of registries. The repository provides specialized references for container security hardening, such as managing kernel privileges and implementing supply chain security. It also includes tutorials for multi-container orchestration and a DevOps guide focused on CI/CD automation and image optimization. The material covers a broad
Explains how to remove locally stored image copies to free up disk space.
Watchtower is a container registry monitor and image update automator that functions as a background service. It tracks remote image registries for changes to trigger the automatic deployment of updated Docker containers. The tool manages the container lifecycle by monitoring for new base images and automatically executing the pull and restart sequence. It ensures that running containers are updated to the latest version available in the registry while maintaining original runtime configurations. The system employs a polling event loop and digest-based change detection to identify updates. I
Automatically restarts containers using original runtime configurations after pulling newer base images.
Packer is a machine image build tool and multi-platform image orchestrator. It functions as an infrastructure as code image builder that produces identical machine images across multiple platforms from a single source configuration to ensure environment consistency. The tool enables the creation of a golden image pipeline by generating compatible system images for different cloud providers and on-premises hypervisors. It includes an image lifecycle registry to store metadata for tracking the versioning and status of generated images. The system manages the automation of machine image creatio
Maintains centralized metadata registries to track the versioning and lifecycle status of virtual machine images.
Packer is a machine image builder and multi-platform image orchestrator used to create identical virtual machine images for multiple platforms from a single source configuration. It functions as an infrastructure as code tool, utilizing the HashiCorp Configuration Language to define versioned and reproducible templates for cloud image provisioners. The tool is distinguished by its plugin-based extension model, which allows it to load external binaries for builders and provisioners to support various cloud platforms and virtualization environments. It includes a post-processor pipeline to tran
Stores machine image metadata in a centralized registry to monitor and manage versions across environments.
This project is a comprehensive collection of web development reference guides and technical cheat sheets. It provides a curated set of markdown-based documentation designed to help developers quickly locate syntax patterns and API examples for common web technologies and programming languages. The repository serves as a specialized reference library covering several distinct technical domains. It includes extensive guides for CSS, focusing on selectors, Flexbox, Grid, and responsive layout properties, as well as a DevOps command reference for Docker, Kubernetes, AWS, Ansible, and general she
Provides syntax for adding labels and metadata to container images.
Skopeo is a command line utility for inspecting, copying, and managing OCI and Docker container images across registries and local storage. It functions as a container image tool and registry manager that performs these operations without requiring a background daemon to be running on the host. The tool specializes in daemonless image manipulation, allowing users to retrieve metadata, manifests, and tags from remote registries without pulling the full image locally. It provides capabilities for mirroring external repositories to internal registries for air-gapped deployments and manages the t
Provides capabilities to remove specific image tags or mark them for garbage collection in remote registries.
Skopeo is an OCI container image manager and registry client designed for inspecting, copying, and signing container images across different registries and storage backends. It enables the manipulation of container images using direct API calls to registries, operating independently of a local container daemon or runtime. The tool provides specialized capabilities for container image mirroring and synchronization, specifically supporting the mirroring of external repositories to internal registries for air-gapped environments. It also functions as a container image signing tool, allowing for
Removes specific images or tags from a remote container image repository.
Ko is a daemonless container image builder and OCI image generator specifically for Go applications. It compiles Go source code into binaries and packages them directly into container images, pushing them to registries without requiring a local container runtime or daemon. The tool specializes in multi-platform image distribution, producing images for various CPU architectures and operating systems from a single execution. It distinguishes itself by automating the entire pipeline from Go import paths to Kubernetes deployment or serverless function packaging for architectures like AWS Lambda.
Provides capabilities to delete specific image tags or versions from remote registries.
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Enables rolling back deployments to previous image versions by updating policies or tags.
This project provides a comprehensive guide and set of scripts for deploying and configuring a production-ready Kubernetes cluster from scratch. It centers on establishing a functional environment by installing core management components, storage, and networking across multiple nodes. The implementation emphasizes high availability for the control plane, utilizing layer-4 load balancing and leader election for the API server, scheduler, and controller manager. It further ensures reliability through the deployment of a distributed key-value store for persistent runtime data. The project cover
Provides the ability to remove specific image manifests and data layers from the repository via API requests.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Includes available image labels in the image status response for detailed inspection.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Removes a local copy of an image without affecting running instances that use it.
Kruise est un système de gestion de charges de travail conçu pour les applications à grande échelle sur Kubernetes. Il fournit un framework pour l'orchestration avancée, la mise à l'échelle et les stratégies de mise à jour afin de maintenir la stabilité dans les déploiements massifs. Le projet se distingue par sa capacité à effectuer des mises à jour sur place des images de conteneurs et des limites de ressources sans supprimer ni recréer les pods. Il inclut un pré-extracteur d'images dédié pour accélérer le démarrage des pods et un injecteur de sidecar pour gérer dynamiquement le cycle de vie des conteneurs sidecar. De plus, un distributeur de ressources synchronise les configmaps et les secrets à travers plusieurs namespaces pour une cohérence à l'échelle du cluster. Le système couvre un large éventail de domaines de fonctionnalités, notamment la planification de pods tenant compte de la topologie, les déploiements canary avec contrôle de progression par partition, et l'autoscaling de charges de travail multi-domaines. Il implémente également des protections de haute disponibilité telles que les limites de perturbation des applications, le drainage gracieux du trafic et la prévention de la suppression en cascade. La visibilité opérationnelle est assurée par l'exportation de métriques de ressources, le suivi des délais de déploiement et l'émission de logs structurés.
Triggers restarts of specific containers within a pod without affecting other running containers.
docker-gc est un outil de garbage collection pour les hôtes Docker conçu pour récupérer de l'espace disque en supprimant automatiquement les conteneurs quittés, les images inutilisées et les volumes orphelins. Il fonctionne comme un nettoyeur de ressources qui optimise le stockage de l'hôte via la gestion du cycle de vie des ressources de conteneurs orphelines ou inactives. L'utilitaire gère la rétention d'images en préservant un nombre minimum des images les plus récentes par dépôt tout en supprimant les versions plus anciennes. Il emploie des périodes de grâce configurables pour déterminer quand les images et les conteneurs deviennent éligibles à la suppression et prend en charge l'exclusion basée sur des motifs pour empêcher le ciblage d'assets spécifiques. L'outil couvre une large gamme d'opérations de maintenance, incluant la sélection de ressources basée sur l'état pour identifier les candidats à la suppression et la purge d'artefacts temporaires pour maintenir la santé du système.
Tracks the most recent images per repository to maintain a minimum count of preserved builds.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Removes a locally stored image copy, freeing space while keeping running instances unaffected.
This project provides a collection of official base images for building and running .NET applications across various operating systems and hardware architectures. It includes standardized runtime environments, containerized development kits, and specialized images designed for isolated application execution. The collection is distinguished by its focus on image optimization and security hardening. It offers distroless images that remove shells and package managers to reduce the attack surface, as well as composite layering and ahead-of-time compilation to improve startup performance and lower
Retrieves the operating system, distribution version, and installed package versions from within a container image.
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
The sandbox platform deletes OCI images from the local cache that are no longer referenced by any sandbox.
Werf est un constructeur d'images de conteneur, un outil de livraison continue Kubernetes et un orchestrateur de déploiement. Il crée des images de conteneur en utilisant des Dockerfiles ou une syntaxe d'assemblage et gère le déploiement automatisé des applications vers des clusters Kubernetes en traduisant les définitions de paquets en manifestes de ressources. Le système se distingue par un pipeline de build multi-architecture qui intègre des émulateurs système pour produire des images pour différentes architectures CPU sur un seul hôte. Il emploie un marquage basé sur le contenu et une mise en cache des couches pour éviter de télécharger des couches d'image redondantes vers des registres distants. Au-delà des builds et des déploiements, le projet inclut un gestionnaire de registre pour supprimer les artefacts orphelins et les ressources inutilisées. Il fournit également un pipeline sécurisé pour déchiffrer les identifiants d'application sensibles à partir de fichiers chiffrés pendant le processus de déploiement.
Removes orphaned artifacts and unused resources from remote container registries to prevent storage bloat.
caddy-docker-proxy est un proxy inverse HTTP dynamique et un contrôleur d'entrée réseau Docker qui génère automatiquement des configurations de routage en lisant les étiquettes (labels) des conteneurs Docker. Il sert d'outil de découverte de services qui détecte les adresses IP des conteneurs en temps réel pour router le trafic web entrant vers les cibles backend correctes. Le projet fonctionne comme un orchestrateur de proxy distribué, capable de pousser les configurations générées depuis un contrôleur central vers plusieurs instances de serveur distantes pour mettre à l'échelle la gestion des requêtes. Il automatise l'émission et le renouvellement des certificats de sécurité TLS pour les domaines proxifiés et coordonne les certificats partagés entre les répliques de serveur. Le système prend en charge la génération de configuration basée sur les étiquettes, utilisant des modèles et des secrets Docker pour injecter des métadonnées et des paramètres globaux dans la configuration du serveur. Il maintient la synchronisation en écoutant les événements du cycle de vie des conteneurs et utilise un mécanisme de chargement en cours d'exécution pour mettre à jour le comportement du serveur. Les capacités de gestion du trafic incluent la définition de règles de routage de requêtes, la correspondance de chemins et la réécriture d'URI pour diriger le trafic vers des ressources conteneurisées.
Uses container metadata labels to define operational behavior and automated routing rules.