Product reference pages are available in English only.
Containers

IONOS Cloud Container Registry

What Is It?

Private Container Registry is a fully managed, OCI-compliant registry for storing and managing Docker container images and OCI artifacts. The service provides authenticated access over the public internet with encryption at rest, token-based access control, and optional vulnerability scanning. IONOS operates the underlying infrastructure with automatic security patches and updates. Supports standard Docker CLI and Docker Registry HTTP API V2 workflows.

Quick Facts

Aspect Details
Type Managed OCI-compliant container registry
Compliance OCI (Open Container Initiative) standard
Authentication Token-based with registry or repository scopes
Encryption Automatic encryption at rest (platform-managed keys)
Vulnerability Scanning Optional add-on (CVE database scanning with CVSS ratings)
Location Specific IONOS data center region (immutable after creation)
Management DCD, Cloud API, DevOps Tools, Docker CLI

What You Can Do

Store Container Images

Push Docker images and OCI artifacts to private repositories with authenticated access. Create multiple repositories per registry for logical separation by project, environment, or team.

Token-Based Access Control

Generate unlimited or limited-scope tokens for push, pull, list, or delete operations. Scope tokens to entire registry or specific repositories. Configure optional expiry dates and disable tokens as needed without deleting them.

Vulnerability Scanning

Enable optional scanning of every pushed artifact against CVE databases. Receive severity ratings (CVSS 0-10 scale) and searchable results. Registry automatically rescans when new vulnerability definitions are published.

Note: Scanning cannot be disabled once enabled.

Garbage Collection

Schedule weekly garbage collection to clean up unreferenced image layers and free storage. Configure day and time for automatic runs.

Note: Registry is read-only during garbage collection.

Docker CLI Integration

Use standard Docker commands (login, push, pull, delete) with full Docker Registry HTTP API V2 compatibility. Integrate seamlessly with CI/CD pipelines without custom adapters.

Multi-Repository Management

Host many separate repositories within a single registry. Organize images by application, microservice, or deployment stage. Note: Fine-grained repository-level access control is not available; token permissions apply at the registry level..

Best For

Scenario Why It Fits
Kubernetes deployments Store images for Managed Kubernetes or Red Hat OpenShift clusters
CI/CD pipelines Integrate with automated build and deployment workflows
Microservices architectures Separate repositories per service with independent access control
Secure software supply chain Vulnerability scanning identifies CVEs before deployment
Multi-environment deployments Organize images by dev, staging, production with repository scopes
Team collaboration Token-based access control for different roles and permissions

Consider Alternatives If

If You Need... Consider Why
Public container image hosting Docker Hub, GitHub Container Registry No authentication required for public access
Self-hosted registry with full control Harbor on Compute Engine Custom configuration and user-managed infrastructure
Artifact storage beyond containers IONOS Cloud Object Storage General-purpose object storage for any artifact type

Key Considerations

Billing & Costs

  • Main billing: EUR 0.04 per GB of storage per 30 days
  • Storage: Based on total image storage consumed
  • Vulnerability scanning: Optional add-on (EUR 0.02 per GB per 30 days)
  • Data transfer: Network traffic (image push/pull) is not charged

Limitations

  • Location immutability: Registry location cannot be changed after creation
  • Encryption keys: Platform-managed only (cannot supply customer-managed keys)
  • Vulnerability scanning: Cannot be disabled once enabled
  • Garbage collection downtime: Registry is read-only during scheduled runs
  • No anonymous access: All operations require token authentication
  • No geo-replication: Single-region deployment (location selected at creation)

Management Options

  • Data Center Designer (DCD): Create registries, manage repositories, generate tokens, configure garbage collection
  • Cloud API: Programmatic access for registry lifecycle, token management, vulnerability scan results
  • Docker CLI: Standard docker login, push, pull, tag, rm commands
  • CI/CD integration: Jenkins, GitLab CI, GitHub Actions, CircleCI via Docker CLI