Welcome to
Bundle Bar!

✌️ ❤️ ☁️

Bundle Bar is a free service that hosts new types of lightweight, cloud-native artifacts for use by tools leveraging OCI for package distribution.

Community-provided, public artifacts are made available for download. Please see below for a complete list of artifacts hosted by type.

Supported Artifact Types

Helm Charts

Helm 3 provides support for downloading chart packages from OCI-based registries. For more info on how to use these features, please see this doc.

Here's an example of how to install one of the charts below using Helm 3:

helm chart pull bundle.bar/helm/hub/bitnami/nginx:4.3.3
helm chart export bundle.bar/helm/hub/bitnami/nginx:4.3.3
helm install myrelease nginx/

The following chart packages have been imported from Helm Hub (880 total):

Looking for a chart? Try ctrl+f.

OPA Bundles

Open Policy Agent (OPA) is currently investigating the use of OCI for OPA bundle distribution. For more info, please see this issue.

Support for pulling OPA bundles has already been added to conftest:

conftest pull bundle.bar/opa/instrumenta/kubernetes:latest
ls -la policy/

You may also retrieve OPA bundles using ORAS CLI:

oras pull bundle.bar/opa/instrumenta/kubernetes:latest \
    -t application/vnd.cncf.openpolicyagent.policy.layer.v1+rego \
    -t application/vnd.cncf.openpolicyagent.data.layer.v1+json \
    -t application/vnd.cncf.openpolicyagent.manifest.layer.v1+json

The following policy bundles have been added by request for test purposes:


Which types of artifacts do you host?

Only artifacts under 1MB that serve an active developer community, primarily those related to the cloud-native ecosystem (i.e. CNCF, Kubernetes).

How is this related to OCI? Docker?

OCI, the Open Container Initiative, is working on a Distribution Spec. This specification, which is based upon the Docker Registry HTTP API V2 Protocol, was originally intended as a framework for distributing container images.

Over time, however, interest grew in leveraging the power of this API to distibute different types of artifacts.

For more info on this topic, please see this blog post.

Why can't I just use Docker Hub?

Most commercial registries, such as Docker Hub, have strict policies regarding which types of content are allowed to be pushed.

There are a number of reasons why a registry provider may wish to whitelist content types, for example security scanning and unified UI/UX.

At the moment, the only commercial/private registry with known support for these new content types is Azure Container Registry (ACR).

GitLab's built-in registry has been reported to support Helm charts, but not in the UI. Please see this issue.

Additionally, CNCF incubating project Harbor is currently discussing adding support. Please see this issue.

How do I add registry support to my tool?

For Go-based projects, please see ORAS, which is a client library built on top of containerd and Docker CLI.

Questions? Ideas? Need support? Send us an email!