Don't roll your own container image registries

This is a series of posts on thoughts and gotchas when architecting / developing solutions that involve Docker.

Guidance

Cloud-hosted image registries (such as Bluemix, Google, Amazon, Quay, Docker Hub) should be used for the storage of project container images instead of developing your own in-house, on-premise solution.

Reasoning

Although it may be tempting to use an on-premise solution for hosting container images, this should be avoided unless there are specific project requirements that mandate it.

Valid reasons can include:

  • Sensitivity of the image
  • Restrictions on the locations of the image
  • Strict SLAs on the availability of the image registry
  • Strict security isolation

The reason this should be avoided is that hosting your own image registry has the following issues:

  • Unnecessary exposure of the images to security risk
  • Increased operational infrastructure
  • Operational Maintenance Procedures
    • Backup
    • Restore
    • Patching
  • Increased infrastructure
    • Image Registry Servers
    • Volumes
    • Load Balancers
    • Firewalls
    • Global Load Balancers
  • Increased testing
    • Availability
    • Performance
    • Redundancy
    • Failure Testing

chris hay
