Docker Basics

Understanding Container Registries

What are Container Registries?

Container registries are central repositories for storing and distributing container images. They serve as the backbone of container-based development and deployment workflows.

Key Characteristics

  • Central repositories for container images
  • Can be private, public, or a combination
  • Enable version control for container images
  • Provide access control and security features
  • Support image scanning for vulnerabilities

Common Use Cases

  • Storing application images for deployment
  • Sharing base images across development teams
  • Maintaining different versions of applications
  • Implementing CI/CD pipelines

Popular Container Registries

Docker Hub

The world's largest library and community for container images.

  • Public repository: hub.docker.com
  • Free tier available with limitations
  • Official images curated by Docker
  • Community images from various contributors
docker pull nginx:latest

Azure Container Registry

Microsoft's managed Docker registry service on Azure.

  • Private registry with geo-replication
  • Integrated with Azure Active Directory
  • Supports content trust and vulnerability scanning
  • Seamless integration with Azure services
az acr login --name myregistry

Amazon ECR

Amazon's fully managed container registry.

  • Highly available and scalable
  • Integrated with AWS Identity and Access Management
  • Automatically encrypts images at rest
  • Integrates with ECS and EKS
aws ecr get-login-password | docker login ...

Google Container Registry

Google's private Docker registry on Google Cloud.

  • Fully managed with no setup required
  • Integrated with Google Cloud IAM
  • Automatic vulnerability scanning
  • Global availability with multi-region support
gcloud auth configure-docker

MCR

Microsoft Container Registry for official Microsoft images.

  • Public repository: mcr.microsoft.com
  • Hosts all Microsoft-published container images
  • Includes .NET, ASP.NET, and other Microsoft products
  • Content is digitally signed by Microsoft
docker pull mcr.microsoft.com/dotnet/sdk:5.0

Self-Hosted Options

Run your own private registry on-premises or in your cloud.

  • Docker Registry (open source)
  • Harbor (enterprise-grade)
  • Nexus Repository
  • JFrog Artifactory
docker run -d -p 5000:5000 registry:2

Working with Container Registries

Basic Commands

Login to a registry

docker login [registry-url]

Pull an image

docker pull [registry-url]/[image-name]:[tag]

Push an image

docker push [registry-url]/[image-name]:[tag]

Best Practices

  • Use specific tags instead of "latest" for production deployments
  • Implement automated scanning for vulnerabilities in your images
  • Use namespaces to organize images by team or project
  • Set up retention policies to manage storage costs
  • Implement access controls following the principle of least privilege
  • Sign your images to ensure integrity and authenticity