How to own your own Docker Registry address

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Containerd k8s-sig-infra Kubernetes

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • registry.k8s.io

    This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts

    • Hosting a forwarding / redirect server instead of actually hosting images is probably a decent idea.

    The K8s proxy is redirecting from only hosting on GCR to community-owned registries - https://kubernetes.io/blog/2023/03/10/image-registry-redirec...

    You can view the code here - https://github.com/kubernetes/registry.k8s.io

    But because everyone is already pointing at gcr.io (just like many openfaas users point at docker.io/) - they're having to do a huge campaign to announce the new URL - the same would apply with the author's solution here.

    I wrote some automation for hosting (not redirects) in arkade with the OSS registry - Get a TLS-enabled Docker registry in 5 minutes - https://blog.alexellis.io/get-a-tls-enabled-docker-registry-...

    The registry is also something you can run on a VM if you so wish, and have act as a pull through cache.

    Apart from reliability - GitHub's container registry is the current next best option - but we have to ask ourselves, what happens when they start charging or the outages start to last longer or are more frequent than 1-2 times per week as we've seen in Q1 2023.

  • official-images

    Primary source of truth for the Docker "Official Images" program

    • > In their updated policy, it appears they now won't remove any existing images, but projects who don't pay up will not be able to publish any new images

    This is not correct. It's the "organization" features are going away. That is the feature which lets you create teams, add other users to those teams, and grant teams access to push images and access private repositories. Multiple maintainers can still collaborate on publishing new images through use of access tokens which grant access to publish those images. It's kind of a hack, but it works. You would typically use these access tokens with automated CI tools anyway. This will require converting the organization account to a personal user (non-org) account. (Interesting note/disclosure: I was the engineer who first implemented the feature of converting a personal user account into an organization account some time around 2014/2015, but I no longer work there.)

    For open source projects which are not part of the Docker Official Images (the "library" images [1]), they announced that such projects can apply to the Docker-Sponsored Open Source Program [2].

    I would also heed the warning from the author of this article:

    > Self-hosting a registry is not free, and it's more work than it sounds: it's a proper piece of infrastructure, and comes with all the obligations that implies, from monitoring to promptly applying security updates to load & disk-space management. Nobody (let alone tiny projects like these) wants this job.

    Having most container images hosted by a handful of centralized registries has its problems, as noted, but so does an alternative scenario where multiple projects which decided to go self-hosted eventually lack the resources to continue doing so for their legacy users. Though, I suppose the nice thing about container images is that you can always pull and push them somewhere else to keep around indefinitely.

    [1] https://hub.docker.com/u/library

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • nerdctl

    contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...

    • Nerdctl/containerd has IPFS support :)

    https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md

  • one-click-apps

    Community Maintained One Click Apps (https://github.com/caprover/caprover)

    • > Which One-Click App are you using? I looked over their list, but couldn't find the Docker Registry. Thanks!

    I'm not sure about them, but Nexus might fit the bill from that list: https://github.com/caprover/one-click-apps/blob/master/publi...

    It's what I'm using for myself (though with just Docker Swarm + Apache2, without Caprover) and has worked well for years.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts