How to Select a Container Registry

With so many container registry choices available, it’s easy to find a platform that offers the level of access control, security, hosting options and performance that you need.

There are more than a dozen container registries available today. Although they all do the same core job of hosting container images, they vary widely when it comes to security, performance, supported data types and more. With so many options, how do you pick the right container registry

Read on for tips about selecting a container registry tailored to your needs.

Container registry explained

First off, what is a container registry? Simply put, a container registry is a place where container images are hosted – the blueprints that define the files and applications installed inside a given container. When you want to launch a container, you first need to obtain an image for it. Then, you can start a container based on that image.

Container registries allow you to host container images in a centralized location, making them easily accessible to whoever needs them.

Benefits of a container registry

The main benefit of a container registry is that it makes it simple to download the container images users need to start an application.

Indeed, the ability to start containers quickly using images downloaded from a registry is one of the key advantages that containers enjoy in the containers vs. VMs debate. With a registry populated by container images for the microservices applications you need to run, it’s fast and easy to spin up a complex application by pulling the necessary images from a registry.

VMs are also powered by images. But because VM images contain a full operating system, they tend to be much larger. In contrast, container images, which contain only application data and share other resources with the host operating system, are smaller and lightweight. In turn, they are fast to download.

Considerations for choosing a container registry

Again, there are more than a dozen different container registries out there. Some are tied to specific platforms; for example, Amazon ECR is designed for hosting container images for use with other services in the Amazon cloud. Other registries, such as Artifactory, are platform-agnostic and work with virtually any on-prem or cloud environment.

When deciding which container registry to choose, consider the following factors:

#1. Access controls

Access controls make it possible to restrict access to images inside the container registry. For example, you can require tokens or passwords in order to download images.

All mainstream container registries offer some form of access control. But some are more sophisticated than others. Some registries offer granular access controls that make it possible to apply different access settings to different container images, or to give different individuals varying levels of access. Others provide blunter controls that let you choose between password-protecting all images or no images, for instance, instead of allowing you to configure access on an image-by-image basis.

If you need fine-tuned control over access, choose a registry that offers sophisticated access management.

#2. Security features

Beyond access controls, some registries offer built-in security features to help protect container images against abuse. For example, they may offer integrated image scanners (such as Xray, which can integrate with Artifactory) that will automatically scan images for malware, reducing the risk that a compromised image could hide inside your registry.

Different registries also offer different levels of logging and audit controls, which help you track who has accessed your registry and what they did with images in it.

If you need strong security features, choose a registry that provides more than just basic security.

#3. Hosting options

While some registries work only in the cloud, others can run on-premises or in the cloud. The latter registries provide more control over how you host them.

The ability to choose exactly how the registry is hosted is important not just for the control it gives you over your IT setup, but also for compliance and privacy reasons: In some cases, you may want to host your registry on-premises in order to control the geographic region in which your images reside, for example. That could be useful if compliance rules require you to keep data in a specific jurisdiction.

#4. Performance

Container registry performance hinges on a variety of factors, including the quality of the registry software itself and the strength of the network connection you use for accessing it.

If the ability to upload and download images quickly is a priority, choose a registry with a proven performance record. You should also check whether the registry you are considering requires a premium payment plan in order to unlock top performance, which some registries do.

Note, too, that registries that give you more control over how they are hosted and configured may also help you to improve performance, because greater control places you in a stronger position to optimize your network connection. For instance, if you have the option of hosting the registry on-premises, you will likely achieve much higher network bandwidth rates when transferring images over your local network than you could with a cloud-hosted registry.

#5. Support for other types of data

All container registries can host container images, but some solutions can host other data, too, such as application packages. If you only need to host images, any container registry will do the job. But if you want the flexibility to manage other binary files in order to make them securely available to your users, a solution that supports artifact hosting of all types, not just container images, comes in handy.

Choose a registry suited for you

With so many container registry choices available, it’s easy to find a platform that offers the level of access control, security, hosting options and performance that you need. Whether you’re looking for a simple registry that will only host public images and will run in the cloud, or for one that gives you maximum control over hosting setup, access controls and performance, a registry suited to your needs is out there.