Container registry technology is picking up steam parallel to Microservices Architecture with current Google trends indicating clear growth in this area. While there is no disagreement that a registry is needed, it is clear you need a robust one to deliver your container images to customers effectively. We should level-set what our expectations should be when working with a container registry.
Consumer-Centric: When you create a container image, you definitely need a registry so your consumers can effectively consume both the first version, as well as subsequent versions. With continuous image updates, customers must be notified of the new versions so they can easily pull these new images in an effective and seamless fashion.
Integrated Container Environment: When you are producing images as a way to deliver your software, you need hooks, plugins, and CLIs to ensure your developers can push into a registry from within an IDE, or development environment. Container registries are expected to provide this integration for overall developer productivity.
This requires registries to provide an ability to push or pull images in various kinds of repositories (remote or virtual) and query them with various metadata information, including time-stamp, to ensure they get the exact image they need.
An example would be aql from the JFrog Container Registry, which provides a very deep and flexible way to get your exact image, which can be a small query, in a developmental environment to be consistent with what image you plan to use. Some registries have had issues as simple as getting the latest image consistently from different container registries. Using aql allows us to resolve this issue.Distribute Fast: The fundamental need for you to push the image here is to ensure it can be accessed globally, with the right versions available, in all the caches provided and in the fastest possible way. Ensuring your registry provides you with enough caching support is critical.
Multi-Cloud: The way to go is cloud-agnostic. You are already multi-cloud, but it is very hard for you to manage these images across these container registries being provided by these clouds. You should consider using providers who are cloud-agnostic and serve you registries that you can install yourself, giving you the flexibility you need to deploy it where you want to.
JFrog Container Registry provides you a downloadable registry to allow you to be cloud-agnostic, while also providing you the flexibility to install in any cloud environment.Optimization: Storage usage optimization allows for effective storage and provides enough strategies to allow for continuous clearing of development versions, vulnerable versions, and versions not supported anymore.
Support Evolving Standards: Your registry should align with the OCI standards of today, as well as continuously evolving to support the changing standards.
Secure Distribution: Ensure that you never deliver vulnerable software to any of your customers and your registry should always stay on top of the latest vulnerabilities.
Private Repositories: Keeping your binaries separate and private to use them only amongst your partners, either during development or as a standard business practice, is an important expectation from your container registry.
Hosting Multiple Versions Across all of your Microservices Daily: There are significant scaling expectations that need to be met by the container registry, especially with millions, or even billions of downloads. Can the registry scale to these needs?
Control of the Software Flow: Last, but not least, the registry should allow you to always be in control. In particular, with how it operates; deleting older images (be it dev, be it unused, etc), how it provides the insight on the usage, how granular access controls are, or how to turn off and pull back published images that are found to be vulnerable post publishing.
Do you think I missed something, Let me know.