The increasing adoption of containerization and container orchestration has highlighted the need for secure and controlled distribution of container images. This talk will delve into the methods of distributing private container images and OCI artifacts, analyzing the strengths and weaknesses of various solutions, especially in contexts like software sales and custom builds for clients.

We will begin our discussion with hosted registries, highlighting their cost-effectiveness, ease of implementation, and low maintenance needs. Next, we will explore self-hosted solutions, which offer greater flexibility. Finally, we will examine the integration of an OCI-compatible registry with a custom authorization server. This setup allows the incorporation of complex business logic into authorization decisions, such as custom IAM and product subscriptions. While this adaptable and cost-efficient approach may involve custom development, we will provide a thorough analysis of its implications.