A container registry is a server that stores container images and hands them out on request, identified by a repository name and a tag (for example, a name like nginx with a tag like 1.25). It is the container ecosystem’s counterpart to a package registry: where a language package manager pulls libraries by name and version, a container runtime pulls images by name and tag. When you run a container from an image you do not have locally, the runtime contacts a registry, downloads the image’s layers, and assembles it.
Docker Hub, run by Docker, is described as “the world’s largest container registry for storing, managing, and sharing Docker images.” It popularized the model, offering public and private repositories and a large catalog of pre-built images. Many other registries followed, including GitHub Container Registry, Red Hat’s quay.io, and cloud-provider registries such as Amazon ECR, as well as self-hosted options.
What makes images portable across all of these is a shared protocol. The Open Container Initiative’s distribution specification “defines an API protocol to facilitate and standardize the distribution of content,” covering how clients upload and download manifests and the content blobs (image layers and configuration) those manifests reference. Because the protocol is standardized, any compliant client can push to or pull from any compliant registry.
That interoperability is why a single registry can serve Docker, Podman, containerd, Kubernetes, and Helm alike: they all speak the same distribution API over the same OCI image format.