Container Registries
Repositories for storing, versioning, and distributing container images, from public registries like Docker Hub to private registries like ECR.
seed#containers#registry#docker#ecr#ghcr#images
What it is
A container registry is a repository for storing and distributing Docker images. It works like npm for Node.js packages, but for container images.
Popular registries
| Registry | Type | Characteristics |
|---|---|---|
| Docker Hub | Public/Private | Largest, official images |
| Amazon ECR | Private (AWS) | Native ECS/EKS integration |
| GitHub GHCR | Public/Private | GitHub Actions integration |
| Google Artifact Registry | Private (GCP) | Multi-format |
| Azure ACR | Private (Azure) | Geo-replication |
Typical CI/CD flow
Code push → CI build → Docker build → Push to registry → Deploy from registry
Security
- Image vulnerability scanning
- Image signing (cosign, Notary)
- Retention policies to clean old images
- IAM/RBAC-based access
Why it matters
A container registry is critical infrastructure in any container-based CI/CD pipeline. The choice between public, private, and managed registries affects security, deployment latency, and operational costs.
References
- Amazon ECR — Official documentation.
- Docker Hub — Docker, 2024. Most widely used container registry.
- Distribution — CNCF, 2024. Reference implementation of the OCI Distribution Spec.