Skip to main content

Menu

LEVEL 0
0/5 XP
HomeAboutTopicsPricingMy VaultStatsPractice TestsCertifications

Categories

🎓 Certifications
🤖 Artificial Intelligence
☁️ Cloud and Infrastructure
💾 Data and Databases
💼 Professional Skills
🎯 Programming and Development
🔒 Security and Networking
📚 Specialized Topics
CheatGrid
HomeAboutTopicsPricingMy VaultStatsPractice TestsCertifications
LVLEVEL 0
0/5 XP
GitHub
© 2026 CheatGrid™. All rights reserved.
Privacy PolicyTerms of UseAboutContact

Container Registries Cheat Sheet

Container Registries Cheat Sheet

Back to Containers Orchestration
Updated 2026-05-25
Next Topic: Container Resource Management Cheat Sheet

Container registries are centralized repositories for storing, managing, and distributing container images, serving as the critical bridge between image builds and deployments. These registries implement the OCI Distribution Specification, ensuring interoperability across tools and platforms while providing features like access control, vulnerability scanning, image signing, geo-replication, and OCI artifact storage. Whether using public registries like Docker Hub or private registries like ECR and Harbor, understanding authentication methods, tagging strategies, and lifecycle management is essential for secure and efficient container operations. A key insight: always reference images by digest rather than tags in production to guarantee immutable deployments, and leverage pull-through caches to avoid rate limits and reduce latency.

What This Cheat Sheet Covers

This topic spans 16 focused tables and 135 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Popular Registry ProvidersTable 2: Authentication MethodsTable 3: Pull Secrets & Access ControlTable 4: Image Tagging StrategiesTable 5: Multi-Architecture ImagesTable 6: Registry Mirrors & CachingTable 7: Image Management CLI ToolsTable 8: OCI Artifacts & Non-Image StorageTable 9: Image Retention & CleanupTable 10: Replication & Geo-DistributionTable 11: Registry APIs & IntegrationTable 12: Image Signing & VerificationTable 13: Vulnerability Scanning & SBOMsTable 14: Advanced Security FeaturesTable 15: Monitoring & ObservabilityTable 16: Registry Storage Backends

Table 1: Popular Registry Providers

Choosing the right registry depends on your cloud ecosystem, security requirements, and whether you need public distribution, private internal hosting, or self-hosted control. All major modern registries implement the OCI Distribution Specification, making images portable across providers.

ProviderExampleDescription
Docker Hub
docker pull nginx:latest
docker push myuser/myapp:1.0
• Most widely used public registry with official vendor images, Docker Verified Publishers, AI model catalog, and MCP server catalog
• Rate limits: 100 pulls/6h per IP (unauthenticated), 200/6h (free authenticated), unlimited (Pro/Team/Business).
GitHub Container Registry (ghcr.io)
docker pull ghcr.io/owner/image:tag
docker login ghcr.io -u user -p $GITHUB_TOKEN
• Integrated with GitHub Actions
• uses GITHUB_TOKEN or personal access tokens for auth
• supports public images without authentication, Helm charts, and other OCI artifacts.
Amazon ECR
aws ecr get-login-password | docker login
docker push 123456.dkr.ecr.us-east-1.amazonaws.com/repo:tag
• AWS-managed registry with IAM-based access control
• auth tokens expire after 12 hours
• supports OCI 1.1 with Referrers API, vulnerability scanning via Amazon Inspector, and lifecycle policies.
Azure Container Registry (ACR)
az acr login --name myregistry
docker push myregistry.azurecr.io/image:tag
• Enterprise-grade registry with geo-replication, private endpoints, and RBAC
• supports service principals, managed identities, and admin credentials
• integrates with AKS seamlessly and supports OCI artifacts including Helm, Bicep, and WASM.
Google Artifact Registry
gcloud auth configure-docker us-docker.pkg.dev
docker push us-docker.pkg.dev/project/repo/image:tag
• Successor to GCR
• supports Docker, Helm, Maven, npm, Python, and more
• fine-grained IAM, vulnerability scanning via Binary Authorization, CMEK encryption, and multi-region replication.
Harbor
docker login harbor.example.com
docker push harbor.example.com/library/app:v1
• CNCF-graduated open-source registry with RBAC, multi-tenancy, replication, webhooks, and Trivy scanning
• supports OCI v2.0, auto-SBOM generation on push, and Harbor Satellite for edge deployments.
JFrog Artifactory
docker login mycompany.jfrog.io
docker push mycompany.jfrog.io/docker/image:tag
• Universal artifact manager supporting Docker, Helm, Maven, npm, and 30+ package types
• OCI v1.1 compliant with Referrers API; enterprise features include advanced RBAC, AQL query language, and CDN distribution.

More in Containers Orchestration

  • Container Orchestration Patterns Cheat Sheet
  • Container Resource Management Cheat Sheet
  • Argo Rollouts and Progressive Delivery Cheat Sheet
  • Container Debugging & Troubleshooting Cheat Sheet
  • Docker Cheat Sheet
  • Knative Serverless on Kubernetes Cheat Sheet
View all 38 topics in Containers Orchestration