DevOps

Container Registry 101

A Container registry is a storage location dedicated for storing and managing Container images. It can be operated and managed using a User Interface or a CLI (Command Line Interface) tool.

Let’s try to understand the differences between a Container image and a Container.

Container Image

  • Container image is a file, a template, a snapshot of a Container, and immutable.
  • It contains application code, OS libraries, runtime, environment variables and configuration files.

Container

  • Container is a running instance of an image.

To use Java analogy – An image is a class, then a container is an instance of a class — a runtime object.

Container Registry

Source control tools such as GitHub, ClearCase let developers store the source code, version them, pull and push.

Nexus and JFrog Artifactories stores compiled Artifacts (.war, .ear etc.), version them, and execute dependency check.

Similarly, The Container Registry is a stateless, highly scalable server-side application that stores and lets you distribute Container images, version them, pull and push.

The below diagram explains the features of a Container Registry and how it integrates with Container host.

Container Registry Providers

Docker Container Registry

It is open-source, under the permissive Apache license. The software can be downloaded to build your own private Container registry.

Docker, Inc also hosts a Public Docker Hub to store images and operate.

Docker gives commercial support using Docker Trusted Registry (DTR). It enables complete image management workflow, featuring LDAP integration, image signing, security scanning, and integration with Docker Enterprise Edition. Read my blog about Docker Content Trust.

Harbor Container Registry

Harbor is an open-source, incubating project at CNCF (Cloud Native Computing Foundation). It has rich features that enable users with image signing, scanning, RBAC control, webhook, quota management etc. This tool will gain momentum in the coming days. You can read more about this tool here.

Public Cloud Provider Container Registry

AWS, Azure and GCP provides Container registry services with their subscription. Just like Docker and Harbor, they do support OCI (Open Container Initiative) Containers.

With PaaS Container registries, IaaS (Infrastructure as a Service) is pre-built: operating system, registry software, storage, network, firewall, security and compliance.

Platform management utilities such as patching, maintenance, elasticity, quota management, API integration, and vulnerability assessment are part of your Cloud subscription.

Follow the below links to know more about the Cloud provider Container registries;

Container registries will grow rapidly due to the growth of DevOps. It is advisable to use a vendor supported Container registry or Public Cloud Container registry (PaaS) than building and managing your own.

Lawrence Manickam is the Founder of Kuberiter Inc, a Seattle based Start-up that provide Enterprise/SaaS DevOps Services (Kubernetes, Docker, Helm, Istio and CyberArk Conjur) for MultiCloud.

Please subscribe at www.kuberiter.com to try our DevOps SaaS Services.

Tagged

Leave a Reply

Your email address will not be published. Required fields are marked *