Shared container registry

β­οΈβ­οΈπŸ›¬ Landing ZoneA central repository provides hardened container images.

🚧 This capability reference page is a draft.

Shared container registries allow teams building container-based applications to deliver their own containers for deployment and consume blessed base images from a central location. Organizations can leverage shared container registries to implement policies for scanning images for vulnerabilities and creating an inventory of software assets. The motivations for implementing a shared container registry can be similar to those for a Shared VM Image Repository for IaaS applications.

Cloud Foundation teams should consider offering a shared container registry as part of their service offering in the following scenarios:

  • Your landing zones enforce restricted internet access, and consuming public registries is not easily possible

  • You have compliance needs around vulnerability scanning, restricting acceptable third-party licenses, or image archival

  • You have a lot of application teams planning to use containers for application deployment and want to boost productivity by providing a managed service instead of each team rolling their own registry

To implement a shared container registry, cloud foundation teams can consider leveraging either cloud-native managed services such as Google Cloud Container Registry or dedicated open source registries like Project Quay.

  • Quay

    Quay is a container image registry that enables you to build, organize, distribute, and deploy containers. Quay gives you security over your repositories with image vulnerability scanning and robust access controls. Project Quay provides a scalable open source platform to host container images across any size organization.
