What is Container Registry? - Container Registry - Alibaba Cloud Documentation Center

Alibaba Cloud Container Registry is a service that allows you to manage and distribute cloud-native artifacts that meet the standards of Open Container Initiative (OCI) in an effective manner. The artifacts include container images and Helm charts. Container Registry Enterprise Edition provides end-to-end acceleration capabilities to support global image replication, distribution of large images at scale, and image building based on multiple code sources. The service seamlessly integrates with Container Service for Kubernetes (ACK) to help enterprises reduce delivery complexity and provides a one-stop solution for cloud-native applications.

Editions

Container Registry Enterprise Edition

Container Registry Enterprise Edition is a platform designed to manage the lifecycle of cloud-native application artifacts that meet the standards of OCI, including container images and Helm charts. Container Registry Enterprise Edition efficiently distributes large-scale application artifacts across multiple regions in different scenarios. The service seamlessly integrates with ACK, which simplifies the application delivery for enterprises.

Container Registry Personal Edition

Container Registry Personal Edition provides individual developers with basic features for container image management. The features include application image hosting, image scanning, image building, and image access control. Personal Edition supports full lifecycle management of container images.

Features

Features of Container Registry Enterprise Edition

Feature	Description
Hosting of complete OCI artifacts	Container Registry Enterprise Edition can manage multiple types of OCI artifacts, such as container images that are based on multiple architectures (such as Linux, Windows, and ARM), and charts of Helm v2 and Helm v3.
Accelerated application distribution	Container Registry Enterprise Edition can synchronize container images across different regions around the world to improve distribution efficiency. Container Registry Enterprise Edition supports image distribution in P2P mode.
Comprehensive security assurance	Container Registry Enterprise Edition ensures storage and content security by storing cloud-native application artifacts after encryption, supports image scanning to detect vulnerabilities, and generates vulnerability reports from multiple perspectives. Container Registry Enterprise Edition ensures secure access by providing network access control and fine-grained operation audit for container images and Helm charts.
Efficient and secure cloud-native application delivery	Container Registry Enterprise Edition allows you to create cloud-native application delivery chains that are observable, traceable, and configurable. Container Registry Enterprise Edition can automatically deliver applications all over the world upon source code changes in multiple scenarios based on delivery chains and blocking rules. This improves the efficiency and security of cloud-native application delivery.

Features of Container Registry Personal Edition

Feature	Description
Hosting of multi-architecture images	Container Registry Personal Edition supports container images that are based on multiple architectures, including Linux, Windows, and ARM.
Flexible region selection	You can create and delete repositories in different regions based on your business requirements. Each repository has three endpoints, which can be accessed over the Internet, internal network, and a virtual private cloud (VPC).
Image scanning	Container Registry Personal Edition allows you to scan images for security risks and provides detailed information about image layers. After an image is scanned, Container Registry Personal Edition provides a vulnerability report for the image. The report includes detailed vulnerability information, such as the vulnerability number, the vulnerability severity, and the version in which the vulnerability is fixed.

Architecture

The following figure shows the architecture of Container Registry. For more information about the functional components in the figure, see the help documentation.

Specifications of different editions

The following table describes the specifications of Container Registry Personal Edition and Enterprise Edition. In the following table, ticks (✔️) indicate that a feature is supported, and crosses (❌) indicate that a feature is not supported.

Module	Feature		Container Registry Personal Edition	Container Registry Enterprise Edition
				Basic Edition	Advanced Edition
Artifact management	Container images	Hosting
		Namespace quota	3	15	50
		Public repository quota	300	1000	5000
		Private repository quota
		VPC quota for Access Control List (ACL)		3	7
	Helm charts	Hosting
		Namespace quota		15	50
		Public repository quota		1000	5000
		Private repository quota
	OCI artifacts
	Immutable version
	Version management (automatic version deletion)
Artifact building	Task quota for concurrent artifact building		1	3	10
	Intelligent acceleration
	Multi-architecture image building
Artifact security	Artifact scanning by using multiple engines
	Vulnerability fixing
	Risk blocking
	Signature generation and verification
	Network access control
	Operation audit
Artifact distribution	Distribution performance (QPS of image pulling)		Not guaranteed	250	1000
	Distribution in P2P mode
	On-demand distribution
	Global image replication
	Artifact subscription			5	30
Artifact delivery	Event notifications
	Image pulls without using a secret
	Cloud-native application delivery chains
Instance management	Custom domain names
	Fast image migration from Harbor instances