By Haining Zhang, Chief Architect, R&D VMware China
Recently, I created a video to provide clarity around a what a container registry is and how it works. If you find yourself wondering, what is a container registry exactly? How does it help in building, shipping, and running an application? Why do most organizations need to set up a private registry to securely and efficiently manage their container images? We’ve got answers.
Container registries are useful
Let’s start at the beginning, a registry is a repository for storing container images. A container image consists of many files, which encapsulate an application. After a host puts an image into a registry, other hosts can download it from the registry server. This allows the same application to be shipped from a host to another.
Who should use a container registry
Developers, testers and CI/CD systems need to use a registry to store images created during the application development process. Container images placed in the registry can be used in various phases of the development.
How organizations are using a container registry
To begin with, users usually use public registry service such as Docker Hub because it is simple and easy to use. However, when they are getting serious in using containers, organizations often wonder whether to continue to use a public registry service or not. For security and efficiency reasons, a private registry should be set up within their organization.
Container registries are secure and efficient
For security and efficiency purposes, many choose to set up their own instance of private registry within their organizations. Once they do that, the next question is how they can protect their images.
Protecting images in container registries
By assigning role-based access control (RBAC) to the images using a user identity already established in their organization, such as LDAP and Active Directory. For additional security layers, images should be digitally signed to ensure their authenticity from trusted authors. Furthermore, images should be scanned for vulnerabilities and patches can be applied accordingly. By using an enhanced version of registry, such as Harbor, users can achieve goals to secure their images.
Cloud-native applications and container registries
Cloud-native applications are often built using container technology. Therefore, people running cloud-native applications should use a registry during their application lifecycle.
Open source technology and container registries
Most registry server projects are open sourced. Not only they are open source, but they often use other open source software as well. This allows the collaboration in the community to build a powerful registry, like Harbor.
In this video, I explain everything you need to know about a container registry.
This video is part of our cloud-native basics series we’ve created to explain key technologies in-depth. From providing an overview of containers, to explaining Kubernetes in 5 minutes, we cover it all. If you’d like to learn more, you can read our recent blog post: Jumping into Cloud-Native Basics: A Video Series.