Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
A registry is just a content-addressable store with an HTTP API; Docker Hub is the default, but every cloud has its own — ECR on AWS, ACR on Azure, GCR/Artifact Registry on GCP, DOCR on DigitalOcean. The choice matters because Docker Hub now rate-limits anonymous pulls (100 per 6 hours per IP), which will brick your CI the moment you scale. Knowing how to authenticate, tag, and push to a private registry is the single biggest lever for a stable build pipeline.
Push the same image to Docker Hub, AWS ECR, GCP Artifact Registry, and DigitalOcean Container Registry to see the auth and naming differences.
demo:v1 image to two different registries and run docker images to confirm both tags point at the same image ID (same content, different names).docker login — note the ratelimit-remaining header difference.ecr:BatchGetImage but denies ecr:PutImage, then verify a push fails with denied while a pull still works.Use these three in order. Each builds on the one before.
In one paragraph, explain what a container registry is and why you would use a private one instead of Docker Hub, like I'm new to it.
Walk me through what happens during `docker push registry.example.com/foo:v1`, including the manifest, blob upload, and content-addressing, step by step.
Given a CI pipeline that runs 5,000 builds per day and is hitting Docker Hub rate limits, explain three different mitigations (pull-through cache, registry mirror, paid plan) and which you would pick for a 50-engineer team and why.
# AWS Elastic Container Registry (ECR):
aws ecr create-repository --repository-name demo --region us-east-1
ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
REGISTRY=$ACCOUNT.dkr.ecr.us-east-1.amazonaws.com
aws ecr get-login-password --region us-east-1 \
| docker login --username AWS --password-stdin $REGISTRY
docker tag demo:v1 $REGISTRY/demo:v1
docker push $REGISTRY/demo:v1
# Pull from another machine:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $REGISTRY
docker pull $REGISTRY/demo:v1