Choosing the right image registry that meets all your production requirements is critical to the success of any application development cycle. Any issues with your registry and the entire development cycle gets disrupted!
There are several open source and commercial options available for a container registry. In this post, I will provide a quick overview of a few commercial container image registries such as DockerHub, Amazon EC2, and JFrog and discuss pros and cons of each.
If you have used Docker containers, then you probably know about DockerHub. Being the default registry service in the docker engine, it is the most widely used. DockerHub’s collaboration model is similar to that of GitHub. You can create organizations and also add individual collaborators to each repository. DockerHub provides major features like image repository management, webhooks, organizations, GitHub, and BitBucket integration with automated builds etc.
- Uses a very familiar collaboration model as GitHub, therefore being very easy to use, especially for GitHub users
- Provides public and private repositories
- Quickly creates organizations, add users or create groups of users to collaborate with your repositories.
- Allows users to set permissions to restrict access or set different levels like read, ride and admin to different users.
- Fairly inexpensive with usage based pricing.
- Security scanning available on additional cost.
- Lacks fine grain access control.
- Does not provide any insight into the registry usage.
- Lacks LDAP, SAML, and OAuth support.
- Registry performance can be inconsistent.
Amazon EC2 Registry
Amazon EC2 Container Registry (ECR) is a fully managed container registry by AWS that offers very fine grained permissions and access control via AWS Identity and Access Management (IAM). Amazon ECR is integrated with Amazon EC2 Container Service (ECS), thus simplifying development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications.
- Familiar to AWS users and easy to use.
- Highly secure as policies can be configured to manage permissions and control access to user’s images using AWS IAM users and roles without having to manage credentials directly on EC2 instances.
- No upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet.
- Tight integration with Amazon ECS and the Docker CLI, allowing you to simplify your development and production workflows.
- Lack of insight into registry usage.
- Difficult to use with docker client as it requires creating a temporary token.
- Potentially expensive if the containers being deployed are not in AWS.
JFrog Artifactory is an enterprise-ready Universal Artifact Repository Manager supporting secure, clustered, high availability Docker registries. It integrates with all major CI/CD and DevOps tools and provides an end-to-end, automated and bullet-proof solution for tracking artifacts from development to production.
- Supports different artifacts created by any language or tools.
- Fairly easy to use.
- Cluster, High Availability supported which means that replication to another instance of Artifactory (multi-site) is easily possible.
- Flexible deployment options such as SaaS and on-premises.
- Out of the box integrations with all CI/CD and DevOps tools.
- Security scanning is also available at additional cost.
- On-premises version needs to be managed and upgraded by the end user.
- Could be expensive compared to hosted options.
To conclude, an image registry is required to deploy containerized applications. Several options have emerged for an enterprise grade image registry and most of them meet certain standards of security, high performance, and reliability. Users now have a choice to use a public image registry such as Docker Hub or a private image registry such as Docker Trusted Registry or JFrog Artifactory. Additionally, public cloud providers such as Amazon Web Services and Google Cloud now offer their own image registry services that are well integrated with their security roles and privileges.