Why run your own registry

The CI runner builds images; they have to live somewhere the cluster can pull them from. You could push to a public registry, but a self-hosted one keeps the whole artifact flow inside the lab — and it's a great thing to understand, because a registry is conceptually simple but operationally has a couple of sharp edges worth meeting.

This lab runs the CNCF Distribution registry (the registry:2 image) on Registry-Server (10.100.100.6), with a web UI alongside it.

build runner --push--> registry.example.com --pull--> Kubernetes
                          (10.100.100.6)

Why we use this: keeping images in-house closes the supply-chain loop — every artifact the cluster runs was built by your runner and stored on your registry, with nothing fetched from a third party at deploy time. For a platform you want to fully explain, that self-containment is worth the small operational cost.
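
One way to check the claim above that nothing is pulled from a third party at deploy time, as an added example that is not part of the original page: classify each image reference by the registry it resolves to. The sample image list is constructed; in practice the references would come from the cluster's pod specs.

```python
# Added example: audit image references against the in-house registry.
# ALLOWED_REGISTRY is the hostname from the page's diagram; the sample
# image list below is constructed for illustration.
ALLOWED_REGISTRY = "registry.example.com"


def registry_host(image_ref: str) -> str:
    """Return the registry host an image reference resolves to.

    Follows the Docker reference convention: the first path component is a
    registry host only if it contains '.' or ':' or equals 'localhost';
    otherwise the reference is implicitly on docker.io.
    """
    name = image_ref.split("@", 1)[0]          # drop any @sha256:... digest
    first, sep, _rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def audit_images(image_refs, allowed=ALLOWED_REGISTRY):
    """Split references into (in_house, third_party) lists, preserving order."""
    in_house, third_party = [], []
    for ref in image_refs:
        # Exact host comparison: a prefix match would accept look-alike hosts.
        (in_house if registry_host(ref) == allowed else third_party).append(ref)
    return in_house, third_party


# Constructed sample: images as they might appear in pod specs.
SAMPLE_IMAGES = [
    "registry.example.com/apps/web:1.4.2",
    "registry.example.com/apps/api@sha256:" + "0" * 64,
    "nginx:1.27",                                   # no host: implicit docker.io
    "library/redis",                                # no host: implicit docker.io
    "quay.io/someorg/tool:latest",
    "registry.example.com.mirror.test/apps/web:1",  # different host, same prefix
]

if __name__ == "__main__":
    ok, external = audit_images(SAMPLE_IMAGES)
    for ref in external:
        print(f"third-party pull at deploy time: {ref} ({registry_host(ref)})")
    print(f"{len(ok)} in-house, {len(external)} third-party")
```

A bare name such as nginx:1.27 is the case most easily missed: it carries no hostname, so the runtime resolves it to a public registry.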