[AtomicOrbital]

harbor is great ... simple to install ... it's the only container registry I ever use

[fuomag9]

And in my experience is the only one that has RBAC and can be deployed on premise and that actually works, I’ve tried everything at this point

[kirici]

I am currently looking into zot, what were your blockers/hiccups with it?

[tetha]

When we looked at modernizing our image hosting, it came down to Zot vs Harbor, and we preferred Zot as it looked easier to deploy. Just a go binary with a few environment variables connecting to our minio, what could be easier?

However, when getting the config prod-ready, we started to trip over one thing after the other. First, my colleague was struggling to get the scale-out clustering to work in our container management. Right, use the other deployment way for HA. Then we found that apparently, if you enable OIDC, all other authentication methods get deactivated, so suddenly container hosts would have to login with tokens... somehow? And better hope your OIDC provider never goes down. And then we found a bug on top that Zot possibly doesn't remove blobs from minio during GC.

At that point we reconsidered and went with Harbor.

[cyberpunk]

? GitLab?

[fuomag9]

It doesn't make any sense to deploy a full gitlab just to get a docker registry. RBAC is also associated with repositories and users in a way that is unconventional to manage

[silverwind]

for simple use cases, the official registry is good enough too

[hn_throw2025]

If you use paid S3 as the storage layer, then you want to control size.

With the self hosted official registry, the stop-GC-restart process is a PITA.