PodCTL - Enterprise Kubernetes
PodCTL - Enterprise Kubernetes
Container Registries
Show: 45
Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects.
Show Notes:
- Twistlock $33M in Funding - Container Security
- Project Clair - Vulnerability Scanning
- Quay Container Registry
- Red Hat OpenShift Registry
Topic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?
- Serves and stores container images
- Has a storage backend that should be replicated (somewhere) - usually Object or NFS
- May have the ability to scan images for vulnerabilities or digitally sign image
Topic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?
Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?
Topic 4 - What sort of design considerations should architects consider for the container registry?
- Where is it physically located?
- How to handle redundancy or replication?
- How to scope out performance?
- Multi-Tenancy or Groups?
Feedback?
- Email: PodCTL at gmail dot com
- Twitter: @PodCTL
- Web: http://podctl.com