I'm a Docker newbie but, don't private registries go against the spirit of Docker and basically every infrastructure automation tool created in last 5 years? I can't even see enterprisey companies finding this useful because their IT policies are so strict that having config on someone else's servers, private or not, is against their wonky rules.
First, in the real world private registries are used for builds containing source, sensitive keys, and so forth. There is a use case here.
But second, no enterprisey company will use a service that bills like this, because
-$4 and $250 per month all rounds down to zero, so it's not a selling point
-$4 signals no support when the shit inevitably hits the fan
-$4 signals this company will tank along with your data in a month
An enterprise company with actual money will take an hour or two of dev time to boot up one of the open source registries (https://github.com/dotcloud/docker-registry) and stay in control.
Source: working at a Docker startup for almost a year
I've worked with organizations where it would be impossible to get a $5 DigitalOcean box, while, at the same time, a $1,000 subscription for something would not be an issue. Enterprise companies would rather pay you a hundred times what you think is a reasonable price, if it can save them time.
I assure you we've debated this a lot before putting out that pricing. There is a way to do this and do this well. For us pricing docker hosting competitively is the best way to do it, especially for a startup ecosystem that is only just beginning to wake up to the potential of docker-based testing and deployment.
If you are interested in the corporate market, you probably will want to offer a special 'Enterprise' pricing plan that includes 'Enterprise-y' features at a higher price point [e.g. $249 / 250 repository minimum]
We will. But we won't be offering an enterprise plan while we're in beta :)
Sure we're sending a signal that we're not ready for enterprise folks. I can be candid in saying that we'd rather be the digital ocean of dockers than an AWS. at this point :p
Not really - much like private repos on github don't go against the spirit of github's public repos. The kind folks at Docker, Inc. the company behind this fantastic technology, themselves recently announced a commercial private registry service too. They kinda beat us to it ;)
This is just a part of XaaS infrastructure and XaaS is widely used. Git hosting (e.g. GitHub), file hosting (e.g. S3), VM or container "hosting" (e.g. Heroku), mails... Why can't Docker images couldn't be hosted in the cloud ?
There are still a whole bunch of companies who aren't on the bandwagon of putting their code up on the Internet. In fact, there are a whole bunch of companies who likely cannot due this due to various regulations and contracts with their clients.
I'd also add that closed and open source often feed into each other in a kind of symbiotic relationship. Sounds controversial to the libertarians and hard-core open source folks but that's the way it usually plays out.
I'm uncertain as to why I'd use this over the official project offering [ https://index.docker.io/plans/ ] at roughly the same price point? [e.g. $50/month = 50]?
for one you can get started with a private repo without paying for it. You can securely share it with your entire team and not pay one cent, and you can do that just by creating an account on gandalf.io.
Secondly, for those who're starting out using dockers, a four docker plan is optimal because most folks use a combination of containers inheriting from public and private repos. So you can pay $4 per month for 4 repos using gandalf.io whereas you have to pay a minimum of $7 per month for docker.io's service.
Thirdly, this is just the beginning and we're working on a roadmap of features, some of which docker.io might not provide.
Fourth - support is important when using a service, and support can have a specific flavour when using a startup offering. try gandalf.io to understand the flavor :) !
Given humans are irrational, even offering the exact same service at the exact same price point, but with a different name, is a viable business plan in a niche without competitors.
There are already private Docker registries out there. My company uses https://quay.io , for example, and Docker has its own private registry. How does Gandalf compare to these existing offerings, besides on price?
Security for Docker images is just as important, and in some cases more important than it is for code assets. What protection does Gandalf offer against unauthorized downloading of images/layers, and tampering with images stored in the repository?
Does Gandalf plan to support features like building images from a Dockerfile, ideally sent via GitHub repo hook? This is a great workflow convenience offered by both Quay and Docker.
Quay.io is a great product and if you're happy with it we don't recommend moving to Gandalf.io.
Gandalf.io went live yesterday and still very much in early beta and we're still improving the functionality and experience. The reason we decided to set up Gandalf was because we think this is a huge potential market with space for at least 3-4 players. We also think docker containerisation is more than just enterprise devops preserve and want to lower the threshold for startups and individual developers to get started.
Gandalf.io has an auth layer wrapped around the standard docker registry and you can access it via SSL using the docker api (this includes the docker CLI). We're still examining ways in which we can strengthen the security of the system and are open to suggestions and insights.
Github based builds are in the upcoming release slated for next week. Sign up for the free plan and you'll be notified by email when that happens.
Please don't equate the two when posting on HN. People here are offering comments, insight, and opinions. It shouldn't be surprising if they are not in agreement with you on certain aspects.
Our goal is to integrate your docker workflow very tightly with github. The user will be able to decide which features to switch on and off and whether to write or only read! Obviously we'd rather announce these features when they're ready and we'd rather collect the data upfront so we don't have to prompt the user once again when they sign in.
That seems like an OAuth anti pattern. Why would you ask the user for every permission when they're signing up? That can only hurt conversions. Ask for the bare minimum, and then request more permissions if the user does something within the app that needs them. Especially for something as sensitive as this, you want people to feel safe using the product and you can't do that by scaring them when they hit "Sign Up with GitHub."
I do agree that's something we might have to change if the signups slow down. And we need to do a cost-benefit on that perhaps. At the moment, folks are signing up though :)
Which perhaps shows how little "folks" care about who they share their data with. Additionally I have private organisation repos that I really don't want you taking a peek at. Sorry, no dice for me unless this is tightened up.
You're right. We received more than a few brickbats for this since yesterday. So we changed the github oauth request scope. As it stands now, the data we request is only the user scope which includes the user's private email address (https://developer.github.com/v3/oauth/#scopes). We'll add additional scope requests if a user elects to use our upcoming github build feature.
We're currently offering the service without constraints - its still a beta offering and we could add limits later on. We're assuming you'll build a docker within reasonable limits - say 3-4GB max.
Heh. yeah. its worked for us so far internally. we're scratching our own itch. and it certainly could use a lot of polish. but we think our core focus on docker collab could help us fine tune it and provide a fantastic service with all the support devs need.
