AKS Today – Container Registries

When you package up your application in a container image, you need somewhere to store it. That is the purpose of the container registry. It is like an app store for your container images. A registry is organized into repositories, where a repository holds all the versions of a specific image. You might have separate repositories for app1 and app2, for example. When you make an update to your app, you don’t update the image that is stored in the registry…instead you push a new image into the registry since container images are immutable.

  • Registry
    • Repository
      • Image
        • Version

Docker Hub is a great example of a container registry. It allows individuals or organizations to publish container images that you can then deploy into a container. It supports public and private registries…which is something we should talk about.

Sometimes you don’t want anyone in the world to download your images and that is when you will want to choose a private container registry to store your images instead of a public one. With a private registry, you have to authenticate to the registry (using username/password or a token or an access key) before you can download the image. It’s very similar to a password-protected FTP account.

In the image below, you can see that a developer has the option of pushing their images to a public registry or a private registry owned by acme.com.


There are many container registries out there like Docker Hub, Azure Container Registry (ACR), Amazon Elastic Container Registry (ECR), Google Container Registry (GCR) and jFrog Artifactory and most support public/private registries.

Considering the registry keeps your images available to be downloaded and run when needed (like scale out, updates, node failure, maintenance, etc) it is important that you ensure your container registry itself can survived a failure or outage. Many of the container registries allow you to replicate the images from one datacenter or region to another. You can see below the replication I have enabled for my registries in ACR.


You can learn more about container registries here: https://docs.microsoft.com/en-us/dotnet/standard/microservices-architecture/container-docker-introduction/docker-containers-images-registries.