PodCTL - Enterprise Kubernetes

Container Registries

August 15, 2018 Brian Gracely & Tyler Britten
PodCTL - Enterprise Kubernetes
Container Registries
Show Notes

Show: 45

Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects.
Show Notes:

Topic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?

  • Serves and stores container images 
  • Has a storage backend that should be replicated (somewhere) - usually Object or NFS 
  • May have the ability to scan images for vulnerabilities or digitally sign image

Topic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?

Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?

Topic 4 - What sort of design considerations should architects consider for the container registry?

  • Where is it physically located? 
  • How to handle redundancy or replication? 
  • How to scope out performance? 
  • Multi-Tenancy or Groups?