

Show HN: Gandalf – $1 private Docker registries - lexaude
http://gandalf.io
We just released Gandalf.io, a private docker registry-as-a-service. We&#x27;ve kept it really simple and affordable. The first private docker is free and the rest come in plans all priced at $1 &#x2F; docker.
We built Gandalf.io as an internal tool to manage and access our dockers and liked it so much we&#x27;re releasing it as a service.<p>Gandalf.io is built by a small team of developers for fellow developers. We&#x27;re eager to do more like managing trusted builds, continuous integration and continuous deployment, as a single pipeline using only dockers on our platform. For now though we think empowering teams to get started with dockers by sharing them easily and using the standard docker cli will do.
======
rubiquity
I'm a Docker newbie but, don't private registries go against the spirit of
Docker and basically every infrastructure automation tool created in last 5
years? I can't even see enterprisey companies finding this useful because
their IT policies are so strict that having config on someone else's servers,
private or not, is against their wonky rules.

~~~
aegiso
First, in the real world private registries are used for builds containing
source, sensitive keys, and so forth. There is a use case here.

But second, no enterprisey company will use a service that bills like this,
because

-$4 and $250 per month all rounds down to zero, so it's not a selling point

-$4 signals no support when the shit inevitably hits the fan

-$4 signals this company will tank along with your data in a month

An enterprise company with actual money will take an hour or two of dev time
to boot up one of the open source registries
([https://github.com/dotcloud/docker-
registry](https://github.com/dotcloud/docker-registry)) and stay in control.

Source: working at a Docker startup for almost a year

------
opendais
I'm uncertain as to why I'd use this over the official project offering [
[https://index.docker.io/plans/](https://index.docker.io/plans/) ] at roughly
the same price point? [e.g. $50/month = 50]?

~~~
lexaude
for one you can get started with a private repo without paying for it. You can
securely share it with your entire team and not pay one cent, and you can do
that just by creating an account on gandalf.io.

Secondly, for those who're starting out using dockers, a four docker plan is
optimal because most folks use a combination of containers inheriting from
public and private repos. So you can pay $4 per month for 4 repos using
gandalf.io whereas you have to pay a minimum of $7 per month for docker.io's
service.

Thirdly, this is just the beginning and we're working on a roadmap of
features, some of which docker.io might not provide.

Fourth - support is important when using a service, and support can have a
specific flavour when using a startup offering. try gandalf.io to understand
the flavor :) !

~~~
riquito
:-) Not to troll but the third point made me smile: "we don't have yet
features that our competitor doesn't have yet"

~~~
Confusion
Given humans are irrational, even offering the exact same service at the exact
same price point, but with a different name, is a viable business plan in a
niche without competitors.

------
fancyremarker
There are already private Docker registries out there. My company uses
[https://quay.io](https://quay.io) , for example, and Docker has its own
private registry. How does Gandalf compare to these existing offerings,
besides on price?

Security for Docker images is just as important, and in some cases more
important than it is for code assets. What protection does Gandalf offer
against unauthorized downloading of images/layers, and tampering with images
stored in the repository?

Does Gandalf plan to support features like building images from a Dockerfile,
ideally sent via GitHub repo hook? This is a great workflow convenience
offered by both Quay and Docker.

~~~
lexaude
Quay.io is a great product and if you're happy with it we don't recommend
moving to Gandalf.io.

Gandalf.io went live yesterday and still very much in early beta and we're
still improving the functionality and experience. The reason we decided to set
up Gandalf was because we think this is a huge potential market with space for
at least 3-4 players. We also think docker containerisation is more than just
enterprise devops preserve and want to lower the threshold for startups and
individual developers to get started.

Gandalf.io has an auth layer wrapped around the standard docker registry and
you can access it via SSL using the docker api (this includes the docker CLI).
We're still examining ways in which we can strengthen the security of the
system and are open to suggestions and insights.

Github based builds are in the upcoming release slated for next week. Sign up
for the free plan and you'll be notified by email when that happens.

------
wcchandler
Constructive criticism =/= trolling.

Please don't equate the two when posting on HN. People here are offering
comments, insight, and opinions. It shouldn't be surprising if they are not in
agreement with you on certain aspects.

That being said, best of luck!

~~~
lexaude
Thank you! yes, sometimes we misunderstand the intent of a comment. and
sometimes we don't :)

------
jander
Maybe I grok access privs incorrectly but..

Personal user data Full access This application will be able to read and write
all user data. This includes the following:

Private email addresses Profile information Followers

Why read AND write? Why all data?

~~~
lexaude
Our goal is to integrate your docker workflow very tightly with github. The
user will be able to decide which features to switch on and off and whether to
write or only read! Obviously we'd rather announce these features when they're
ready and we'd rather collect the data upfront so we don't have to prompt the
user once again when they sign in.

~~~
cmelbye
That seems like an OAuth anti pattern. Why would you ask the user for every
permission when they're signing up? That can only hurt conversions. Ask for
the bare minimum, and then request more permissions if the user does something
within the app that needs them. Especially for something as sensitive as this,
you want people to feel safe using the product and you can't do that by
scaring them when they hit "Sign Up with GitHub."

~~~
lexaude
I do agree that's something we might have to change if the signups slow down.
And we need to do a cost-benefit on that perhaps. At the moment, folks are
signing up though :)

~~~
jander
Which perhaps shows how little "folks" care about who they share their data
with. Additionally I have private organisation repos that I _really_ don't
want you taking a peek at. Sorry, no dice for me unless this is tightened up.

~~~
lexaude
You're right. We received more than a few brickbats for this since yesterday.
So we changed the github oauth request scope. As it stands now, the data we
request is only the user scope which includes the user's private email address
([https://developer.github.com/v3/oauth/#scopes](https://developer.github.com/v3/oauth/#scopes)).
We'll add additional scope requests if a user elects to use our upcoming
github build feature.

------
sabhiram
So what are sizing limits on each "repo" you offer? Unlimited?

I could not find a FAQ-esq section on your page, and was too lazy to "sign up
to (possibly) find out".

~~~
lexaude
We're currently offering the service without constraints - its still a beta
offering and we could add limits later on. We're assuming you'll build a
docker within reasonable limits - say 3-4GB max.

FAQ page coming up soon.

------
arb99
Good luck using something called 'Gandalf'..

~~~
lexaude
hmmm. I was a lawyer in a previous avatar. I think we're ok.

~~~
aegiso
Famous last words when going up against Goliath Hollywood.

~~~
lexaude
:D thank you.

------
nickstinemates
Best of luck guys, I love competition :)

~~~
lexaude
We love you guys. in fact, we didn't realize you guys were the competition
till we were in alpha :)

------
toisanji
what exactly is the use case for this?

~~~
lexaude
Sharing private containers among team members, especially when remote working.
That's the best use case.

Storing your own private containers for access from multiple locations or
machines.

Auto-deploying containers using the standard docker api

------
lexaude
btw, for support questions - we're #gandalfio on freenode

------
nubela
tempting at a gr8 price. all it has to do now is to work correctly.

~~~
lexaude
Heh. yeah. its worked for us so far internally. we're scratching our own itch.
and it certainly could use a lot of polish. but we think our core focus on
docker collab could help us fine tune it and provide a fantastic service with
all the support devs need.

