
Amazon EC2 Container Registry - pzb
https://aws.amazon.com/ecr/
======
csomar
This is really much needed (if they did it right). The container registry @
docker is terribly broken and the user experience is frustrating. I ended up
using Git repositories + building on server because it was "so unusable".

Hopefully, this changes things.

~~~
unquietcode
In a (brief) defense of Docker Hub, it has gotten WAY better in just the last
6 months. UX is sufficient for the number of times you interact with the
website, versus command line. Still it is very slow and this has an impact on
my continuous deployment ambitions.

In a world where we routinely ship 0.x tools to production, it may feel a bit
peculiar to see 2.0 as being the first 'production ready' version for Docker's
suite of tools, but that very well may be the reality.

~~~
kordless
Are you using it to build images? Anyone know of an image building service
other than the current CI/CD suspects?

~~~
joeyspn
Maybe something like [https://www.tutum.co/](https://www.tutum.co/)?

~~~
kordless
"coming soon" is listed on their build service, so no. I wonder if they do
that in an unprivileged container?

------
jbeda
If you want to use a reasonably priced non-Docker-run registry that is
available today, check out the Google Container Registry:
[https://cloud.google.com/container-
registry/](https://cloud.google.com/container-registry/)

It recently hit GA and is super fast. You can use it from anywhere -- not just
GCE.

(Disclaimer: I used to work at Google on GCE/GKE/Kubernetes).

~~~
zobzu
It;d be nice if someone proposed a comprehensive comparison of google cloud vs
aws, including featureset compare, porting-to-and-from compare, and
benchmarks.

/dream

~~~
miles932
disclaimer: I work at GCP

Let's not dream, let's get started! A few challenges (list gets longer every
day, some asymmetric features), but I think it's a great idea. Since it's got
to be grown/updated constantly, where should it live, maybe a github page?
Benchmarks is pretty close via this:
[https://github.com/GoogleCloudPlatform/PerfKitBenchmarker](https://github.com/GoogleCloudPlatform/PerfKitBenchmarker)
I'm interested; what parts do you think you could contribute? It strikes me as
a thing that's far more valuable if the community does it.

~~~
zobzu
yeah its far more valuable for me if someone does it for me too hahaha.

id think google has enough money to assign people to it if they want them to
switch from aws. community can always build on that.

------
andrewstuart2
This is definitely a great move for Amazon. As it is now, the docker registry
is ridiculously difficult to get set up and secured.

That said, I find myself wishing that Amazon would contribute more back to the
Docker project (specifically the registry in this case), and then provide a
hosted option with IAM integration, etc.

The existing AWS ecosystem is already enough for me to want to stay with them,
but I'd say the Docker ecosystem is fragile enough that it could use some
bolstering just to keep it viable and ensure Amazon's investments don't go
down the tube if something better comes along.

~~~
wstrange
Docker and Kubernetes turn cloud providers into a commodity - which is why
Amazon is not keen on promoting them more than is required to satisfy market
demand.

If you are the market leader, lock in is your strategy; Hence the launch of so
many new AWS services.

Google's play with Kubernetes is to reduce the dependency on proprietary cloud
features. They are betting they can deliver better/faster/cheaper cloud
services when compared to AWS. It should be interesting to watch, and great
for us consumers of cloud services.

~~~
andrewstuart2
I think Kubernetes is a good example of the right way to go about things. It
gives a taste of what's possible on Google infrastructure and lowers the
migration cost if you decide to move to Google (from what I understand).

Both Google and Amazon will hugely benefit just by making the internet more
ubiquitous (all roads lead to Rome). Google seems to realize that providing
great open-source tools and systems is a good way to bolster their business.
Amazon, on the other hand, provides great infrastructure but doesn't seem to
be incredibly interested in anything that doesn't increase lock-in.

------
knodi123
Can anyone comment on how this compares to [http://quay.io](http://quay.io)?
We use that, and I'm less than impressed.

~~~
jakemoshenko
PM for Quay.io here, my contact information is in my profile if you would like
to discuss ways in which we can improve the product. We are always looking for
ways to deliver the best possible experience.

~~~
knodi123
UX:

1\. You have big rectangular elements that represent repositories, but 90% of
that rectangle is dead space. Apply the click event to the whole rectangle,
not just the title of the repo.

2\. As a user, I am solely a member of an organization. I don't need to see a
dashboard with just 3 starred project, 3 random projects from my org, and 3 of
my personal projects (of which there are 0). Just let me start at my org's
page, or let me see every project from my org on the dashboard.

3\. Wtf is the "list view" link on my dashboard? It appears to just show me 3
random projects out of the 9 in my organization, and completely hide the
"starred" and "personal" sections?

Bugs:

1\. Until recently, the Sign Out link 100% always threw an HTTP 500 error.
Today, that is not happening? Who knows. Weird.

2\. My IT guy created an account for me. As a result, I received an email with
a login link. However, 24 hours later, I was logged out and could not log back
in, because I never had a password set. Had to get the IT guy to send me
another welcome email. __IF PEOPLE NEED TO SET UP A PASSWORD, YOU SHOULD FORCE
THEM TO, NOT HOPE THEY EVENTUALLY POKE AROUND AND FIND THE SET PASSWORD
SCREEN. __

------
mthenw
Short price comparison:

AWS ECR: $0.10/GB-month (+ data transfer)

quay.io: $12/month - cheapest plan (5 repos)

docker.com: $7/month - cheapest plan (5 repos)

[https://aws.amazon.com/ecr/pricing/](https://aws.amazon.com/ecr/pricing/)
[https://quay.io/plans/](https://quay.io/plans/)
[https://www.docker.com/pricing](https://www.docker.com/pricing)

------
datadata
Self hosting a registry
([https://hub.docker.com/_/registry/](https://hub.docker.com/_/registry/)) on
aws backed by s3 storage is fairly easy and is already available today.

~~~
techdragon
Except that has no UI. (At least last time I checked)

~~~
snockerton
No UI out of the box (Registry:v2). DTR has a 'health' UI that is pretty
worthless since you can't browse images. There are other frontend tools that
work with registry:v2 though, such as Portus:

[https://github.com/SUSE/Portus](https://github.com/SUSE/Portus)

------
pbreit
Is this a blow to Docker the company? Probably not unexpected?

~~~
toomuchtodo
I think Docker having a hard time convincing people to buy their cogs when
anyone can build and sell them.

~~~
jakozaur
Especially when other price their registry as low margin business.

~~~
toomuchtodo
It's crazy. Amazon's container registry only charges you for the storage,
which means they've got something like ELBs tuned for this, so they don't care
about the instance time on their side. They're only charging you for what
you're storing in S3 (although at 10 cents/GB, it _is_ more expensive then
straight S3, but still extremely reasonable for not needing to manage your own
registry).

------
jfindley
What I'd really like is an all-in-one service that incorporated Docker Content
Trust[0]. While I'd prefer that they'd used something a bit more mainstream
(e.g. GPG), some image signing is better than none at all.

Doing this today requires a fair bit of extra infrastructure over a basic v2
registry, and really it'd be much nicer to have a single service that was able
to manage this.

0: [https://blog.docker.com/2015/08/content-trust-
docker-1-8/](https://blog.docker.com/2015/08/content-trust-docker-1-8/)

~~~
tonyhb
GPG wasn't chosen because it's not as secure as content trust. Content trust
provides all that GPG provides plus:

\- Replay attack prevention

\- Freshness guarantees (so you can't be given older, vulnerable images)

\- Trusted, delegated signing

------
kin
These past two days has been a crazy barrage of Amazon products. Way to ship,
especially after all the hard work articles about them recently.

~~~
muzmath
That's because ReInvent is going on:
[https://reinvent.awsevents.com/](https://reinvent.awsevents.com/)

This is typically when they release stuff

------
zaczac
too many Amazon cloud news.

