Overview

Service Overview

Container Registry is a service that provides a registry for storing and managing container images and OCI (Open Container Initiative) standard artifacts. Users can easily store, manage, and share images using the Docker CLI.

Features

• Simple registry management and image distribution: You can easily create a container registry for your project on Samsung Cloud Platform. By using the standard Docker CLI, you can easily pull images for deployment from the Container Registry, streamlining development and service deployment workflows.
• Efficient Container Image Storage: You can easily store container images anytime, anywhere. By integrating with Object Storage, you can store and retrieve images, enabling efficient image management. It also supports the Docker Registry V2 API specification for convenient use.
• Enhanced Security Registry Management: You can securely store and use images using Container Registry. Container Registry encrypts images stored in Object Storage and transfers images via HTTPS. Use resource-based IAM policies of Samsung Cloud Platform to set repository-specific access permissions, and you can use images according to the configured permissions.
• Container Image Vulnerability Analysis: Container Registry provides a feature that analyzes security vulnerabilities in stored container images. Users can view vulnerability results through a simple process of selecting and scanning an image, and can identify and remediate vulnerabilities based on the analysis results.

Service Architecture Diagram

Provided features

Container Registry provides the following features.

• Registry Management: Provides Container Registry creation, deletion, registry access control management (private), and visibility features.
• Repository Management: It is created under the Container Registry and provides functions to create, view, delete repositories, and set security policies.
• Image Management: Container images stored in the repository, providing image Push, image Pull, view, delete, applied tag management, and security policy configuration functions.
• Image Vulnerability Assessment: You can manually or automatically scan OS packages and language packages for security vulnerabilities, as well as secrets embedded in images stored in the Container Registry. Based on the scan results, users can identify and remove known vulnerabilities (CVE) and secrets to prevent the use of insecure images.

Component

Registry

The registry is a repository or collection of repositories used to store, access, and manage container images. Container registries can often support container‑based application development as part of the development and operations process. They can connect directly to container orchestration platforms such as Docker and Kubernetes. A registry acts as an intermediary that shares container images between systems, saving developers time in creating and delivering cloud‑native applications. In the case of Samsung Cloud Platform, it is provided in conjunction with Object Storage and transfers images over HTTPS.

repository

A repository is a logical management unit for image tags. Using a repository allows efficient management of image tags. A repository is a centralized virtual storage that developers use to modify and manage application source code. When developing applications, if there is a need to store and share various types of documents and source code, it enables developers to easily collaborate within the same account, edit simultaneously, and track/manage changes.

image

An image refers to something that includes all files and configuration values required to run a container. An image acts like a class that creates containers, and a container can be seen as the program or process that runs the image. For example, an Ubuntu image contains all files needed to run Ubuntu, and a MySQL image contains all files, IDs, passwords, port information, etc., required to run MySQL.

Preliminary Service

Container Registry has no prerequisite services.