> If you are a developer, our goal is to make Docker an invisible companion
I want it not to just be invisible but to be missing. If you have kubernetes, including locally with k3s or similar, it won't be used to run containers anyway. However it still often is used to build OCI images. Podman can fill that gap. It has a Containerfile format that is the same syntax but simpler than the Docker builds, which now provides build orchestration features similar to earthly.dev which I think are better kept separate.
The "invisible" goal is harder than it sounds in air-gapped setups. We run AKS for a public sector client — private API server, no public
egress, Azure Firewall with explicit allowlists. K8s is the right call,
but invisible it is not. Podman for builds works fine until someone adds
a base image that isn't mirrored locally. Then you get a silent pull
failure at 2am.Most tooling just assumes outbound connectivity. Helm charts, operators,even some CNI plugins phone home somewhere at install. You don't find out until it breaks in prod.Not disagreeing with the direction just that invisible infrastructure means something different when egress is locked down by policy, not convention.
I want it not to just be invisible but to be missing. If you have kubernetes, including locally with k3s or similar, it won't be used to run containers anyway. However it still often is used to build OCI images. Podman can fill that gap. It has a Containerfile format that is the same syntax but simpler than the Docker builds, which now provides build orchestration features similar to earthly.dev which I think are better kept separate.