Google is Adding a Private Registry to its Docker Arsenal

Google, continuing its investment in containers and cluster management, is swiftly building a private Docker registry offering for its customers. Given the importance of security and compliance, enterprises have been reluctant to use publicly accessible Docker repositories. Private registries enable secure and rapid storage and retrieval of Docker images. We will be testing this out in the coming weeks.

Google was one of the first public cloud providers to offer container hosting and cluster management capabilities. It started with Container Optimized VMs, followed by Managed VMs, Kubernetes and finally Google Container Engine (GKE). Despite these improvements, customers still had to store Docker images on the public Docker Hub or create a private registry in one of the VMs.

This process will be eliminated when Google unveils Google Container Registry, hosted on Google Cloud Platform. DevOps teams will be able to pull images from and push images to the registry on the same infrastructure. Google Container Registry is integrated with Google Accounts. It exposes an HTTP endpoint at that is accessible from within its cloud platform or from on-premises infrastructure. Container images are stored in a Google Cloud Storage bucket. When an image is pushed for the first time, a dedicated bucket is created within the same Google account to store the image. Owners and admins of the project can pull and push images, while users with project viewer permission can only pull images. The command line utility of Google Cloud Platform, gcutil, is updated to support pull and push operations. Images stored in Google Container Registry can be used from Container Optimized VMs, Managed VMs, Kubernetes, and Google Container Engine Pods.

Figure: Google Container Registry (Source: Gigaom Research)

Other vendors serious about Docker and containers are also investing in private registries. CoreOS acquired, a hosted private Docker repository company, and Tutum, a Docker hosting platform, also offers a private registry. Docker, Inc. acquired Koality to augment its enterprise hub offering. Koality’s speciality was continuous integration and deployment of containerized applications. By integrating CI/CD with its native registry, Docker, Inc. can attract enterprise customers.

Docker Hub Enterprise (DHE) was announced at DockerCon Europe 2014. DHE delivers workflow capabilities for developers and sysadmins managing a dynamic lifecycle behind the enterprise firewall. DHE is a drop-in solution that allows enterprise developers to focus on creating multi-container distributed applications behind the firewall. DHE’s first release comes with an installer, GUI configuration, resumable push/pull of images, and flexible storage capability with support for local filesystem, in-memory and Amazon S3.

AWS, IBM, and Microsoft host DHE on their respective public cloud offerings. IBM pledged its support to integrate DHE with SoftLayer and Bluemix, while Microsoft will host DHE natively on Azure. AWS will offer DHE as an appliance through its Test Drive program. It may eventually get listed in AWS Marketplace. While this seems like just another partnership announcement, there is more to it: Google is conspicuously missing from the list. Google had clear plans to build a complete container platform with a private registry as the cornerstone of its strategy. This made Google opt out of the DHE partnership.

The Gigaom Research Perspective

It is clear that Google has a dual strategy when it comes to containers.

1) Embrace Docker – Google has been running containers for a long time. Instead of exposing its internal toolchain for managing the lifecycle of containers, it decided to support Docker, which has a vibrant community and ecosystem of developers. It then open sourced Kubernetes, a cluster management and orchestration tool that enjoyed huge popularity among Docker users. Meanwhile, Google started adding native Docker support to App Engine and Compute Engine, making it easy for developers to launch and manage containers on its public cloud. Google wants its cloud platform to be the best public cloud to run Docker containers.

2) Monetize Container Building Blocks – Docker is the most successful open source project after Linux. There are over a hundred startups building tools and components around Docker but it is still not clear how these startups will eventually make money. Docker, Inc. is busy assembling all the key building blocks to make its platform complete for enterprise customers. With early investments made in containers, Google doesn’t want to miss the opportunity of commercialising its intellectual property. While Kubernetes is open source and available on a variety of cloud platforms, Google Container Engine abstracts it further, delivering a simplified experience of deploying and managing clusters. When developers use GKE, they indirectly consume compute, storage, and database services. Container registry is an important step towards technologies such as Rocket and LXD on its platform. It will certainly impact Docker, Inc. and its ecosystem.