Selecting a Container Image Registry for Production Use
An image registry is a stateless, highly scalable server-side application that stores and lets you distribute container images, and is therefore an absolute necessity for using containers. While getting started with a registry is fairly easy, you need to identify the capabilities necessary to use a registry in production. After all, an image registry is a key component of your DevOps pipeline, and any limitations of your registry are likely to disrupt your development cycle.
So what are some of the key considerations for selecting a container registry for production use? Based on discussions with our customers, we have identified the following:
- Authentication and Authorization: A registry needs to not only support user authentication but also allow access control. Many registries support OAuth integrations, SAML, LDAP and Active Directory for authorization. Granular access control is important because it lets you control which users can access which image repository. For example, Amazon EC2 Container Registry offers fine-grained access control via its IAM service.
- Security: Image scanning is another key requirement. Images need to be regularly scanned to ensure that they are free from known security vulnerabilities or exposures. Compromised images should be flagged and should not be allowed to be used.
- Performance & Scalability: An image registry needs to be performant so that it can handle the push/pull of multiple images simultaneously. Any deterioration in performance is likely to slow down container deploys. In addition, if a registry is being used from multiple sites, image caching may help improve performance.
- Resiliency: It is important that an image registry is highly available not only at the application layer but also at the storage layer. Images stored in the registry should never get corrupted.
- Workflow Integrations: Typically, a registry is used along with other tools such as build tools, security scanners and container deployment solutions. As a result, the registry should be easy to integrate with these tools for end-to-end automation. In fact, the integrations should be built in so that the customer doesn't need to put in any effort.
- Price: While it is possible to get a basic image registry service for a low price, it is important not to compromise on the capabilities mentioned earlier. Registry services are typically priced based on usage, so it is possible to start using them cheaply and pay more as usage grows. Enterprise image registries are priced differently, typically based on the feature set.
At Nirmata, we support both public image registries such as Docker Hub and Amazon ECR and private image registries such as Docker Trusted Registry and JFrog Artifactory. Check out some of our posts on using various registries with Nirmata:
- Using Amazon ECR with Nirmata to deploy containerized applications on any cloud
- Using JFrog Artifactory and Nirmata to streamline continuous delivery of containerized applications
With Nirmata, continuous delivery of containerized applications can be streamlined effortlessly. To sign up for a trial, click below and let us know your thoughts.