Docker registries are collections of versioned repositories where users can upload and share Docker images. Apart from well-known public registries like Docker Hub, there are other lesser-known registries, some of them specialized, offered both as a service and as on-premises deployments.
Some hosted registries offer private repositories. Docker Hub, for example, offers one free private repository for each user and more for paid users. Docker Hub is modeled along the lines of GitHub, offering collaboration, organizations, and groups within organizations. It also has good integration with GitHub and Bitbucket. Docker Hub does not have fine-grained control over access permissions, nor does it support integration with common enterprise authentication/authorization systems like LDAP and Active Directory.
With most cloud platform providers offering container hosting support, registries are the next logical feature for them. AWS has the EC2 Container Registry (ECR) and Google Cloud Platform has its Google Container Registry. Amazon’s ECR integrates with its Elastic Container Service (ECS) and comes with the scalability of AWS as well as private hosting options. Google’s service has multiple security features like time-based tokens for authentication and encrypted storage for all images.
There are various registries that can be used either as a hosted service or hosted on-premises. Among these are:
- Quay.io by CoreOS. This has a free model for public repositories and a paid model for private repositories, with the pricing varying based on the number of repositories. Quay has the concept of organization and teams and related access controls. It also has a GUI for workflow and image lifecycle viewing, with webhooks and event notifications that are helpful while building a software delivery pipeline. Authentication support includes Dex (an OpenID and OAuth 2.0 provider), LDAP and OpenStack's Keystone. The on-premises version of Quay is called Quay Enterprise.
- Artifactory by JFrog. Artifactory is relatively expensive compared to others. It supports LDAP as well as SAML authentication and user/group level permissions.
- GitLab container registry. Since this is built by GitLab, it has good compatibility with GitLab's tools and workflow, such as GitLab CI, and enables storing Docker images alongside the source code for a project.
Some registries focus on specifics like security. FlawCheck is one such example, offering vulnerability scanning for Docker images. VMware's Harbor is an open source image hosting registry that has security and identity management. Harbor can integrate with existing systems like LDAP. Its security focus extends to features like activity auditing.
Sonatype’s Nexus includes support for, among other things, Docker repositories and can be used as a registry.