Container Registries

Show Notes

Show: 45

Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects.
 
Show Notes:

• Twistlock $33M in Funding - Container Security
• Project Clair - Vulnerability Scanning
• Quay Container Registry
• Red Hat OpenShift Registry

Topic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?

• Serves and stores container images 
• Has a storage backend that should be replicated (somewhere) - usually Object or NFS 
• May have the ability to scan images for vulnerabilities or digitally sign image

Topic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?

Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?

Topic 4 - What sort of design considerations should architects consider for the container registry?

• Where is it physically located? 
• How to handle redundancy or replication? 
• How to scope out performance? 
• Multi-Tenancy or Groups?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com