Container Registries
A container registry is a storage and distribution system for container images. It allows you to store, manage, and retrieve containerized applications for deployment. Serverless Containers supports pulling images from both public and private registries that comply with standard Docker protocols.
Use Cases
Container registries are essential in modern DevOps workflows. They enable:
- Deployment of custom-built applications from your own CI/CD pipeline.
- Versioning of application images, allowing consistent releases across environments.
- Team collaboration, by sharing images via public or private repositories.
- Security and access control, ensuring only authorized users can pull and run sensitive applications.
- Scalability, by letting infrastructure pull images directly from trusted sources at runtime.
Key Characteristics
Here are the main capabilities of container registries on our platform:
-
Support for public and private registries
You can use any registry that supports the Docker Registry HTTP API V2. -
Read-only access required
Our platform only needs pull permissions to fetch container images. -
Flexible image references
Images are referenced using standard Docker format, e.g.:
docker.io/username/myapp:1.0 -
Authentication support
Use credentials (username/password or access tokens) when accessing private registries. -
TLS-encrypted communication
Registries must be available over HTTPS.
Commonly Supported Registries
| Registry | URL / Notes |
|---|---|
| Docker Hub | registry.hub.docker.com |
| GitHub Container Registry | ghcr.io |
| GitLab Container Registry | registry.gitlab.com |
| Azure Container Registry | Azure |
| Quay (Red Hat) | quay.io |
| Google Artifact Registry | Recommended for Google Cloud users |
| Google Container Registry | Deprecated as of May 2024 |
| Private Registries | Must follow distribution.github.io/distribution. |
Best Practices
-
Use access tokens instead of passwords
Especially for CI/CD pipelines and automation, tokens offer better security. -
Tag your images clearly
Use semantic versioning or commit hashes to differentiate builds, e.g.myapp:1.2.3. -
Limit credentials scope
Grant only the necessary pull permissions for your containers. -
Verify your registry supports HTTPS and Docker API v2
This is required for compatibility with the platform. -
Keep your images small and optimized
Use slim base images and multi-stage builds to reduce load time and attack surface.
FAQs
Do I need a private registry?
No. You can use public registries like Docker Hub or GitHub for most use cases. A private registry is useful when you need to restrict access to proprietary applications.
What if I want to use a private registry?
Ensure your private registry is accessible via HTTPS and meets the Docker Registry HTTP API V2 spec. Only pull access is required. See distribution.github.io/distribution for requirements.
Can I use images from deprecated registries like GCR?
Yes, but we recommend migrating to supported alternatives such as Google Artifact Registry (GAR), since Google Container Registry (GCR) has been deprecated as of May 2024.
What credentials are supported?
You can use:
- Docker Hub username/password
- GitHub Personal Access Tokens
- GitLab Deploy Tokens
- Azure Service Principals
- Any registry-compatible authentication method
Do I have to push images from my local machine?
No. You can also use CI/CD pipelines (e.g. GitHub Actions, GitLab CI, Jenkins) to build and push images to your preferred registry.
What's Next?
- How to Upload a Container Image
- Run Jupyter in a Container
- Enable Persistent Storage
- Secure Your Container Deployments
Need help? Reach out to our support team anytime.