Tuesday, October 5, 2021

5 alternatives to Docker Hub

Working with Docker? Know the best 5 alternatives to Docker Hub and why use them.
Photo by Alex wong on Unsplash

At this point, you probably used Docker and Docker Hub already. Docker Hub is the world's most popular container registry and an amazing source of high-quality software. But do you know that there are alternatives to it offered on the cloud by Google, Amazon, Microsoft and others?

Today, let's learn about them.

After Docker Hub restricted its support for Open Source projects, this article is getting a lot of traction again. Hope it helps!

Container Registries

But first, let's review what are container registries.

Container registries are cloud-based repositories for storing and distributing Docker (and OCI-compatible) images. They provide a central place to store and share images, which can then be deployed to any environment that hosts containers (like Kubernetes or GKE for example).

Besides that, container registries can build, store, secure, scan, replicate, and manage your images from fully managed, geo-replicated instances, significantly reducing costs and maintenance efforts.

Container registries such as Docker Hub usually operate like this:


Managed Container Registries?

Managed container registries are regular container registries hosted on the cloud. However, they provide significant benefits and, contrary to what you think, are not expensive. Using a managed container registry is recommended as the offered features will save your team a lot of time.

Why use a managed container registry?

As with any other cloud services, there are benefits in using a managed (cloud-based) container registry. The main reason to use them are:

  • Fully-managed: by using fully managed registries, you can release your ops team from maintaining your own repo
  • Private registries: keep images in private repositories and only accessible to team members.
  • Secured: you can use cloud firewall to protect your services.
  • Lower latency: you want a minimum latency between your images and your deployment targets.
  • Integrated security: it's common to have custom authentication, role-based access control and virtual network integration
  • Integrated with your cloud: most managed container registries will provide some integration with your cloud meaning that'll be easier to share and deploy those images to your environments.
  • Automated builds: managed registries allow you to build container images automatically after pushing to your remote repo.
  • CI/CD pipelines: some registries also offer  CI/CD pipelines that automatically build and deploy directly to Kubernetes and other tools.
  • Auto-scaling: allows serving users and hosts wherever they are, with multi-master geo-replication
  • Automated vulnerability scans: some registries will automatically scan your images and alert you on your 
  • Geo-replicated: got a team distributed around the world? A geo-replicated container registry may speed up things for team members as it'll be sitting beside them.

    Docker Hub

    Docker Hub is the world's most popular Docker container registry. With it you can create, manage, and deliver your teams' container applications. Currently, the main features of the paid version of Docker Hub offers:

    • Fully-managed and highly available hosting: ACR hosts and manages your repo for you.
    • Public and Private repos: with the paid plan you can have public and private repos.
    • Parallel Builds: multiple teams can build projects in parallel.
    • Security features: Docker Hub offers important security features such as vulnerability scanning, encryption, TLS and role-based access controls.

    One of the main advantages of Docker Hub is that it's where you'll get official images for the most popular images such as CentOS, Python, Go, Ubuntu, MariaDb, nginx, Node, Alpine, MongoDB and more!

    Docker discontinued its support for Open Source projects so I can no longer recommend it.

    Fore more information about Docker Hub, please click here.

    GitHub Container Registry

    GitHub Container Registry is a software package hosting service from GitHub that allows you to store and manage your Docker images. It supports both public and private repositories and is integrated with GitHub, allowing you to quickly and easily deploy your images to cloud-based services.

    GitHub Container Registry also integrates with GitHub Actions, providing an easy way to automate the build, test, and deploy process for your Docker images.


    GitHub remains my favourite as it integrates great with your code (if you're using a GitHub repo), and is very generous for open source repositories

    You can store and manage Docker and OCI images in the Container registry, which uses the package namespace https://ghcr.io.

    Google Container Registry

    Google Container Registry (GCR) is Google's container history. As Docker Hub, GCR offers the a fully managed image registry allowing you to push/pull your images. Currently the main features of GCR are:
    • Fully-managed and highly available hosting: GCR hosts and manages your repo for you.
    • Automated features: GRC offers automated builds, build triggers and automatic deployments.
    • Extensibe CI/CD integrations: so you can fully automate your pipelines
    • Google Cloud integration: GCR offers built-in integration with the Google Cloud
    • Google Kubernets Engine integration: GRC offers Google Kubernetes Engine integration. It uses the service account configured on the VM instances of cluster nodes to push and pull images.
    • Security features: GCR offers important security features such as vulnerability scanning, encryption, TLS and role-based access controls.
    • OCI-Compatible: compatibility with Docker and OCI-compatible images

    Highlighted Feature: Integration with Google Cloud

    For those using Google Cloud, GCR offers interesting integrations with Google Cloud including integrations with Google Kubernetes Engine and Compute Engine.

    Fore more information about Google Container Registry, please click here.

    Amazon Elastic Container Registry (ECR)

    Amazon Elastic Container Registry (ECR) - ECR is a fully-managed container registry that makes it easy for developers to store, manage, and deploy your images. Currently the main features offered by Amazon ECR are:
    • Fully-managed and highly available hosting: ECR hosts and manages your repo for you.
    • AWS Marketplace: ECR can store your containers and those you buy from AWS Marketplace
    • CI/CD integrations: so you can fully automate your pipelines
    • Automated features: ECR offers automated builds, build triggers and automatic deployments.
    • ECS integration: integration with the Amazon ECS so you can directly run your containers in production
    • Security features: ECR offers important security features such as vulnerability scanning, encryption, TLS and role-based access controls.
    • OCI-Compatible: compatibility with Docker and OCI-compatible images

    Highlighted Feature: ECS Integration

    One of the most interesting features of ECR is its built-in integration with Amazon Elastic Container Service (ECS). From it, you can directly run your containers in production simplifying and accelerating your workflow.

      For more information about Amazon Elastic Container Registry, please click here.

      Azure Container Registry (ACR)

      Azure Container Registry (ACR) is another a fully-managed Docker container registry allowing you to build, store, secure, scan, replicate, and manage container images. ACR is the recommended tool for those running Azure services already. Currently the main features of Azure ACR are:
      • Fully-managed and highly available hosting: ACR hosts and manages your repo for you.
      • Geo-replication: to efficiently manage a single registry across multiple regions.
      • Automated features: ACR offers automated builds, patching, task scheduling, build triggers and automatic deployments.
      • Multi-format: Supports Helm charts, Singularity support, and new OCI artifact-supported formats
      • Integrated security: integrated security with Azure Active Directory (Azure AD) authentication, role-based access control, Docker Content Trust, and virtual network integration
      • Multi-environments: ACR connects across environments including Azure Kubernetes Service and Azure Red Hat OpenShift 
      • CI/CD integrations: so you can fully automate your pipelines
      • OCI-Compatible: compatibility with Docker and OCI-compatible images

      Highlighted Feature: Geo-replication

      One of the main features of ACR is its geo-replication. With it you can enable a registry to serve users, hosts, synchronize artifactsand receive notifications via webhooks. According to Microsoft, global scaling looks like this:

      Fore more information about Azure Container Registry, please click here.

      Quay

      Quay is offered by Red Hat allows you to store your containers on private and public repos. Quay also allows you to automate your container builds, and integrates with GitHub and others. Quay also provides automated scan containers for vulnerabilities and other tools. Currently the main features of Quay are:
      • Public and Private repos: with quay you not only can have private but also public repos to share youre images with the world.
      • High availability and geo-replication: Quay also offers geographic replication for the running of multiple instances of Red Hat Quay across several regions and syncing between data centers.
      • Robot accounts: Create credentials designed for deploying software automatically.
      • Security features: such as authentication, SSL, etc.
      • Logging and auditing: Auditing is essential for everything in your CI pipeline. Actions via API and UI are tracked.
      • CI/CD integrations: so you can fully automate your pipelines.
      • Granular management: Complete control over who can access your containers, track changes, and automatically scan for vulnerabilities.
      • Public and private clouds: Quay is offered on its public cloud or on a on premises version (see below)  
      • Security features: Quay offers important security features such as vulnerability scanning, encryption, TLS and role-based access controls.
      • Automated features: ECR offers automated builds, build triggers and automatic deployments.

      Highlighted Feature: On premises

      In case your organization needs, Quay can also be installed on premises using OpenShift. This is a very important feature for big organizations that run their private clouds and need to keep everything under their own infrastructure.
      Source: Openshift.com

      Fore more information about Quay, please click here.

      Digital Ocean Container Registry

      The good folks at Digital Ocean also offer their own container registry (DOCR). Digital Ocean's container registry lets you store containers for rapid deployment to DigitalOcean Kubernetes.  Currently the main features offered by DOCR are:
      • Fully-managed and highly available hosting: ACR hosts and manages your repo for you.
      • Public and Private repos: with the paid plan you can have public and private repos.
      • Parallel Builds: multiple teams can build projects in parallel.
      • Security features: Docker Hub offers important security features such as vulnerability scanning, encryption, TLS and role-based access controls.

      Highlighted Feature: Integration with Digital Ocean Kubernetes

      With DOCR you can build your container images on any machine, and push them to DigitalOcean Container Registry with the Docker CLI. DigitalOcean Kubernetes seamlessly integrates to facilitate continuous deployment.

      Fore more information about Digital Ocean Container Registry, please click here.

      Conclusion

      On this post we reviewed five alternatives to Docker Hub. As the alternatives discussed offer essentially the same features, rule of thumb should be using what's more convenient for your team. As a guideline, you should choose the service from your of cloud provider as it will integrate with other products you probably use. If on a private cloud, Quay can be a good alternative.

      The essential requirements to look for wen looking for a container registry should be: being fully-managed, private repositories, CI/CD integrations (so you can automate your workflow) and robust security features.

      See Also

      About the Author

      Bruno Hildenbrand      
      Principal Architect, HildenCo Solutions.