Why Use Container Registry as a Service
Container registries are storages for your container images. It is an essential service for containerization technology that saves you a lot of headaches when you run Kubernetes clusters to test and deploy your containerized applications.
Why Use a Container Registry
When you work with Kubernetes deployments, you face the chicken-egg dilemma: you cannot keep the images in the cluster but you need them to run it.
A container registry keeps all your images that you pull into a Kubernetes cluster when you start it.
But Container Registry is even more than that: it is a SaaS platform that helps you to manage your Docker images.
Challenges
There are quite a few challenges associated with managing your container images.
- You need to pull container images quickly.
- You can have more control over the costs of your incoming Kubernetes traffic. Since the traffic might go from one cluster into the other, this might result in additional costs.
- You need to protect certain images from unauthorized access.
- You want to avoid bugs and data breaches that can spread between containers since they are built upon each other. If one Docker container has security issues in the source code, all the images built from it will inherit these issues.
- You want a better structure of your image storage. You do not want to throw them all untagged into the same repository without a chance to find anything inside it later.
Solution
Consequently, you get enough reasons for using Container Registry: a container registry service that solves all of these problems.
- You get a solution that can be managed through API and robot accounts (integration users).
- It can also be operated through CLI tools.
- You can create webhooks to trigger events further down your CI/CD pipeline.
- You can replicate images to/from another repository (multiple providers are supported).
Storage and Costs
- The images pushed to Container Registry are compressed and do not require much storage space.
- Besides, you can control the size of your storage to avoid cost explosion.
- For enterprise customers, we offer a custom storage.
Security Features
User Authorization and Authentication
- You can create users with different roles and permissions deriving from their roles (RBAC).
- Users can be onboarded using an OIDC provider or LDAP/AD server.
Vulnerability Scanning
- You can run vulnerability checks using different providers. More than one developer may be working on an image and some imperfections may always slip your team’s attention. It is important not to let the other images inherit it and ruin your deployments.
- 2 pre-installed vulnerability scanners.
Other Security Features
- Container Registry supports content trust: enforcing only sign images.
Managing Images
- You can organize your images into projects, as well as tag and label them directly in the GUI.
- You can make certain tags immutable.
- You can retire tags automatically.
- You can delete unused and/or untagged images on schedule.
- You can get log data that tracks the history of everything that happened in the project.
- You have access to the build history of every image in the repository.
Other Supported Artifacts
- Container Registry supports Open Container Initiative (OCI).
- You can store helm charts to manage your Kubernetes deployments.
Admin Features
- In-browser admin portal, accessible from everywhere, on any device.
Apart from this, Container Registry provides a simple graphical user interface. Although pushing images requires you to use a command line tool, all other actions can be done with a mouse click.
Why Use Container Registry as a Service
With our service, you have the latest Harbor technology but do not have to install it by yourself. You only need to log in to your account using a browser. That means that you can access your registry from everywhere.
Besides, we fixed quite a few of Harbor’s and Docker Hub’s issues and offer much better image scanners and other security features.