Container registries are a crucial, yet rarely discussed, part of a containerized software stack. How do container registries work, and which option is best for you? Here’s a primer.
The purpose of container registries is pretty simple. They store container images. Users can download (or, in Docker parlance, “pull”) images from the containers on demand.
If that sounds similar to an application repository, it’s because it is. Container registries are not very different conceptually from the iTunes store, apt-get or whatever other type of repository you’re familiar with.
Registries serve an important purpose within containerized stacks. By providing a central location for storing images, they help assure that the images users pull are secure. They also facilitate easy updates by allowing developers to push a new image into the registry whenever they update an app.
Container Registry Options
Given that container registries do a relatively basic thing, you might think that there would only be one option out there. After all, why come up with multiple solutions to the same problem if the problem is not complicated enough to merit different approaches?
You’d be wrong, however. There are at least a dozen container registries out there. The Big Three are the following:
Some people might include Google Container Registry on the list of major registry options, too. But then it would be a Big Four list, not a Big Three, and Big Four does not make as much sense.
There are plenty more options beyond those major registries. Here’s a sampling of some lesser-discussed container registries:
The list could go on. The point is, there are lots and lots of options out there.
Choosing a Registry
With so many choices, how do you determine which registry option is the best fit for your needs? Here are some factors to consider:
- Do you need an on-premises or hosted registry? Some registries, such as ECR, only work as cloud-based services. Others can only run on local servers. Some support both types of deployment.
- Do you want to host things in addition to container images? Most container registries are designed for the sole purpose of hosting containers images. However, some, such as Artifactory, can host other types of files, too. The latter are a better fit if you’re looking to build a repository for more than just Docker images.
- Is security a priority? If so, you’ll be interested in security-focused registries, such as FlawCheck’s. Docker Hub and Quay also now offer container image scanning.
- Do you want tight integration with a particular container stack? If you do, you’ll likely get the most mileage out of a registry that is built into the platform you use. For example, if you’re running OpenShift, the integrated OpenShift container registry will be the simplest and most streamlined registry option (although OpenShift also supports third-party registries).
If you’re having trouble deciding, the good news is that it’s easy in most cases to migrate from one registry to another if you adopt one and change your mind.