CloudRaya Container Registry
CloudRaya Container Registry (CCR) is a private container image repository that allows you to store, manage, and distribute container images securely within the CloudRaya platform.
It is designed to integrate seamlessly with CloudRaya Kubernetes (KubeRaya), CI/CD pipelines, and VM-based workloads, enabling reliable, controlled, and auditable container image workflows for both development and production environments.
Each CloudRaya account includes free registry storage, making it easy to get started without additional setup or infrastructure management.
What Is a Container Registry?
A container registry is a centralized service used to:
- Store container images
- Version images using tags
- Control access to images
- Distribute images to runtime platforms such as Kubernetes
In CloudRaya, the Container Registry acts as the source of truth for container images used by your workloads.
What CloudRaya Container Registry Is (and Is Not)
✅ What It Is
- A private container image registry
- Integrated with CloudRaya projects and access control
- Optimized for Kubernetes workloads
- Compatible with standard container tools (Docker, containerd)
❌ What It Is Not
- Not a public registry like Docker Hub
- Not a CI/CD pipeline
- Not an image build service
You build images elsewhere, then store and distribute them here.
Key Features
- Private registry by default
- Highly available storage
- Docker-compatible
- Free 10GB registry storage per account
- Simple credential-based authentication
How It Fits into the Container Workflow
Typical container workflow in CloudRaya:
Build Image
↓
Push to CloudRaya Container Registry
↓
Kubernetes pulls image
↓
Pods run containersThe registry acts as the bridge between your build process and your runtime environment.
Core Concepts
Registry
A registry is the top-level container image service created in your project.
- Scoped to a project
- Acts as the namespace for repositories
Repository
A repository stores related images.
Example:
my-app
my-backend
my-frontendEach repository contains multiple image versions (tags).
Image & Tags
- An image represents a specific build
- Tags identify image versions (e.g.
v1.0.0,latest)
Example:
registry.cloudraya.id/my-app:v1.2.3Integration with Kubernetes
CloudRaya Container Registry is designed to work natively with CloudRaya Kubernetes (KubeRaya).
Key characteristics:
- Kubernetes pulls images directly from the registry
- Authentication is handled using registry credentials
- Supports standard Kubernetes
imagePullSecrets
This enables:
- Private image deployments
- Controlled access per project
- Safer and more predictable production workflows
📄 See:
Security Model
Container Registry security is based on:
- Project-level access control
- Registry authentication credentials
- Explicit image deletion and lifecycle control
Best practices include:
- Using private registries for production images
- Rotating registry credentials
- Avoiding public image exposure
Common Use Cases
CloudRaya Container Registry is commonly used for:
- Private application images
- Internal microservices
- CI/CD pipelines pushing build artifacts
- Kubernetes production deployments
- Environment separation (dev / staging / prod)
When You Should Use a Private Registry
Use CloudRaya Container Registry when you need:
- Control over image access
- Reduced dependency on public registries
- Better security and compliance
- Reliable image availability for Kubernetes
For experimentation or open-source images, public registries may still be suitable.
Getting Started
To start using Container Registry:
- Create a registry
- Authenticate using container tools
- Push images to the registry
- Pull images from Kubernetes or other runtimes
Start here: