Skip to main content

Lessons on the registry

  • Self-hosting closes the supply chain. Everything the cluster runs was built and stored by you.
  • It's an API + a blob store + auth + TLS. Each piece is simple; the value is in assembling them safely.
  • Push to the TLS name, not a plain-HTTP address. Saves per-client "insecure registry" configuration — another win from edge TLS.
  • Garbage-collect inside a read-only window, and always restore writes. Cleanup against live data demands a safety net; a guaranteed-undo trap is that net.
  • Watch your storage. Without periodic GC, deleted tags quietly keep consuming disk forever.

No comments to display

Back to top