Container Registries

Show: 45Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects. Show Notes:Twistlock $33M in Funding - Container SecurityProject Clair - Vulnerability ScanningQuay Container RegistryRed Hat OpenShift RegistryTopic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?Serves and stores container images Has a storage backend that should be replicated (somewhere) - usually Object or NFS May have the ability to scan images for vulnerabilities or digitally sign imageTopic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?Topic 4 - What sort of design considerations should architects consider for the container registry?Where is it physically located? How to handle redundancy or replication? How to scope out performance? Multi-Tenancy or Groups?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com