How do I choose a container registry?
There are over a dozen major container registries available, so how does one choose one over the rest? Most options are functionally similar, so there isn’t exactly a wrong choice, but there are a few things you’ll want to consider before making a decision:
- Ecosystem compatibility: are you an AWS customer? A service like ECR comes with a lot of added convenience, whereas GAR makes little sense for your use case. GitHub Packages easily meshes with GitHub Actions pipelines.
- Pricing model: an OSS registry will be free at the cost of self-hosting and additional maintenance. Some registries offer flat-rate billing, while others price by usage.
- Artifact support: can your registry support any artifacts (Helm charts, OCI artifacts, etc.) aside from Docker/container images? It can sometimes be helpful to consolidate here.
- Feature set: many registries have vulnerability scanning by default and some form of access management. Is your team willing to set this up from scratch if these aren’t included? What else do you want at minimum?
Above all, you know what your team needs best. Check out the docs and pricing plans for each option, and see which registry makes the most sense for your use cases.
Comparing container registries
We looked at some of the best offerings on the market, and what makes each one distinct. Public opinions are favorable on all below, so your choice might boil down to which features you need, your pricing model, existing ecosystem lock-in, and hosting preference.
GitHub Packages (formerly GitHub Container Registry)
GitHub Packages uses GitHub’s release management to link container images with repository code changes. Packages can store container images and other file types — users can also host their zip files and source code of any file extension.
Packages is a solid container registry choice for GitHub users, as it is well-integrated with GitHub’s tool suite. Out of all the registries we’ve tested, it stood out for its exceptional DevEx — Packages is easy to onboard and has high quality documentation.
Docker Hub
Docker Hub is the largest and most popular container registry. This is largely because Docker images remain the container image industry standard. Since so many teams are already using Docker’s CLI to manage images, integrating push/pull to Docker Hub is trivial.
Docker Hub is a good registry for teams to “default” to — it is everything a full-featured container registry should be. It is easy to use and requires less customization than alternatives, particularly since it was designed from the ground up for Docker images. Docker Hub also has a very comprehensive “search” function, which allows users to explore/discover popular images.
Harbor
Harbor is an open source container registry (VMware offers an extended version: VMware Harbor Registry). It’s a CNCF graduated project. It is designed first and foremost as a cloud native-friendly repository; Harbor can be installed on any Kubernetes environment. Harbor has IAM and RBAC, as well as image vulnerability scanning.
As a thriving OSS project, Harbor has an active community, facilitated into frequent community calls and a Slack group. As a result, it’s well-supported and frequently updated, and maintainers and community members are often willing to help newcomers get set up.
Quay
Quay.io is Red Hat’s hosted container registry. It is free for use with public repositories. Quay puts an emphasis on security: it offers vulnerability scanning, access control, and audit logging. Quay uses flat-rate billing, where users pay based on number of repositories instead of data size, which may be a better pricing model for certain teams.
Quay is built off of the open source Project Quay, which is quite similar feature-wise. However, Quay.io offers managed hosting and enterprise-grade technical support; many teams benefit from a “set and forget” registry setup.
JFrog Container Registry
JFrog Container Registry offering is built on the successful Artifactory platform. One of its biggest distinguishers is its focus and full support for Helm and virtual repositories, while most other focus mainly on Docker/container images. JFrog Container Registry is multi-cloud compatible, and offers self-hosted, hybrid, and managed options. It’s trusted for repositories at scale.
JFrog Container Registry is a reliable, full-featured option for medium and large orgs, and is the platform of choice for some of the biggest orgs today. It’s integrated with the JFrog ecosystem, but also works as a standalone registry.
CNCF Distribution (formerly “The Registry”)
Distribution is the framework behind Docker Hub. It has been donated to the Cloud Native Computing Foundation as an open source, self-hosted container registry. Distribution implements the Open Container Initiative (OCI) Distribution Spec.
Distribution itself is a strong base for orgs who want to implement and maintain their own custom registry. However, its documentation reminds users that Distribution might have fewer features out of the box than alternatives.
GitLab Container Registry
This container registry is GitLab’s equivalent to GitHub Packages, although it is distinct from GitLab Package Registry. It allows users to store container images alongside their relevant repositories/projects. This way, a repository and its images are coupled together — which can make versioning and release management a little more frictionless.
GitLab Container Registry is especially convenient for teams already using the GitLab ecosystem (for source code management, CI/CD, etc.).
Google Artifact Registry (formerly Google Container Registry)
Artifact Registry is Google Cloud’s offering for storing Docker images and other packages. It expands upon GCR’s features: Artifact Registry introduced improved access control, virtual and remote registries, vulnerability scanning, and audit logging. It’s aimed at existing GCloud users, as it includes some integrated tooling, e.g. users can easily deploy containers to GKE and Cloud Run. It’s feature-complete, which explains why it trends on the pricier end of this list.
GAR is best suited for Google Cloud orgs looking for an easy way to get their images deployed to GKE and other managed services.
Amazon Elastic Container Registry (ECR)
Elastic Container Registry is popular for users in the AWS ecosystem. ECR encrypts, scans, and offers access control to container images and other artifacts. Unlike most other registries on this list, ECR handles access control a bit differently: users must use the AWS CLI.
ECR is most valuable when used as a component in your AWS deployment pipeline, just as GAR is to GCloud’s. It is comparably priced. ECR makes it easy to deploy containers to AWS’ managed services: EKS and ECS.
Beyond the registry
Once you’ve pushed your images to a container registry, you’ll want to pull them into your pre-production environments to preview and test. That’s where Shipyard comes in. We pull your Docker/container images from your configured remote registry, and spin them up in ephemeral Kubernetes environments. Plus, we’re compatible with every major registry. Try it out free today.
