Summary
A Docker Registry is a server-side application that stores and distributes container images, acting as the repository from which container runtimes pull images to run workloads.
What is a Docker Registry?
Registries implement the OCI Distribution Specification, making them compatible with Docker, Podman, Kubernetes, and any OCI-compliant tool. Images are stored as collections of layers; pulling an image downloads only the layers not already present on the client, saving bandwidth.
Docker Hub is the default public registry, hosting millions of official and community images. Organisations typically run private registries—such as Harbor, GitLab Container Registry, AWS ECR, or Azure ACR—to store proprietary images securely and enforce access control.
Private registries add features like vulnerability scanning, image signing for supply chain security, replication across regions, and retention policies. CI/CD pipelines push newly built images to the registry, and Kubernetes pulls them at deployment time.
Why is Docker Registry relevant?
- Supply chain security: Private registries control which images enter the environment
- Performance: Regional replication reduces image pull latency in distributed deployments
- Compliance: Access logs and image signing provide audit trails for container provenance
- Dependency management: Mirrors of public images ensure builds are not affected by external outages