Richard Bucker

if microservices then why a registry

Posted at — Jul 21, 2016

By definition I expect a microservice to have a small executable which means a small amount of source code. Therefore what is the benefit of a public registry giving evildoers a brand new vector to inject bad code into my system. It’s particularly dangerous since the registry is binary, the source cannot be authenticated, and even so, just like the many other land grabs for vanity usernames leaving open ┬áthe possibility of impersonation and so on.It seems to me:that ALL registries should be privateI should be able to link to a repo with either a Dockerfile in the project or one I might inject in the registry which might itself be a repoI should be able to specify the trigger rules for updatingI should be able to connect to a zero config build-clusterIf you represent an enterprise you’re already doing this or you should. If you’re not an enterprise and you’re not doing this then you will eventually be someone’s bitch.