Private OCI Container Registry

Private images,
hosted next to your apps

Push to cr.danubedata.ro, pull from Rapids, VPS, Kubernetes, or your laptop. Per-tenant isolated, Vault-signed JWT auth, Ceph-backed EU storage. Same Docker CLI — just change the registry.

100% OCI v2 Compatible Zero US Jurisdiction Auto-wired to Rapids No Per-Pull Fees

Push your first image

in 60 seconds
cr.danubedata.ro · docker ready
$ docker login cr.danubedata.ro \
-u dd-acme-ci-xxxxxx
Login Succeeded
$ docker tag api:v1 \
cr.danubedata.ro/acme/api:v1
$ docker push \
cr.danubedata.ro/acme/api:v1
v1: digest: sha256:7a8b... size: 2,418
$ danube rapid create \
--image cr.danubedata.ro/acme/api:v1 \
--credential dd-internal
Rapid api · pulled in 1.8s
Starter
Free
Storage
500 MB
Repos
1
Push your first image

Free Starter tier · Billed hourly on paid plans · Cancel anytime

European-Owned
GDPR Compliant
German Data Centers
Vault-Signed JWTs
OCI v2 Compatible
DPA Included

From docker login to Rapid pull

Four steps. No registry deployment, no JWT plumbing, no TLS chores.

Step 1

Create an Access Key

Generate a scoped push or pull key from your team dashboard. Token shown once.

Step 2

docker login

Authenticate against cr.danubedata.ro from your laptop, CI, or any host with Docker installed.

Step 3

Push Your Image

Tag your image with your team namespace and push. Blobs land in our EU Ceph store.

Step 4

Pull From Anywhere

Pull from Rapids, VPS, Kubernetes, or your laptop — including auto-pull for Rapids deployments.

Built for multi-team production

Not a single-tenant Distribution pod with a custom auth shim — a real platform-grade registry.

per-team

Per-Tenant Isolation

Repositories namespaced under your team slug. Cross-team pulls blocked at the token service; /v2/_catalog scoped to your team only.

tenant boundary
200 GET /v2/acme/api/manifests/v1
401 GET /v2/beta-team/secret/manifests/v1
401 GET /v2/_catalog  (cross-team)

Scoped Access Keys

Per-environment or per-CI keys with push+pull or pull-only scope. Revoke at any time.

Vault-Signed JWTs

Short-lived (5-min TTL) tokens signed with a Vault-managed keypair. Rotation built in.

Auto-wired to Rapids

Every team is provisioned an internal pull credential when their first Rapid is created — no imagePullSecret plumbing needed.

OCI v2 Compatible

Upstream CNCF Distribution. Docker, podman, buildah, Kaniko all work out of the box.

Ceph-Backed Storage

Blobs in our self-hosted Ceph cluster in Falkenstein. SSE encryption via Vault-managed keys.

Garbage Collection

Daily GC reclaims storage from unreferenced blobs. Trigger manually on demand.

EU-Resident Data

Image data, audit logs, and credentials stay in Germany. GDPR compliant by design.

Built for Every Image Workflow

From shipping to Rapids to mirroring base images, the registry meets you where you are.

Auto-wired

Rapids Image Source

Build your image in CI, push to cr.danubedata.ro, and deploy to Rapids on the same domain. No third-party registry, no rate limits, no cross-region pull.

ci · push · pull · deploy live
pushcr.danubedata.ro/acme/api:sha-7a8bsize142 MB · 6 layersdeployRapid api · pulled in 1.8sauditkey=ci-prod scope=push_pull ip=10.0.4.1

Private CI Artifacts

Push build artifacts from GitHub Actions, GitLab CI, or any pipeline. Keep proprietary images off public registries.

Build artifactsPre-release tagsPR previews

Vendored Base Images

Mirror upstream base images so your builds and deploys are insulated from upstream outages and rate limits.

Base image mirrorAir-gap pullsPin by digest

Kubernetes Workloads

Use Container Registry from any Kubernetes cluster — self-hosted or managed — with a standard image-pull secret.

ImagePullSecretsArgo CDHelm charts

Internal Apps & Tools

Distribute internal developer tools, dashboards, and CLIs as container images to your whole team without exposing them publicly.

Internal CLIsTeam toolingDemos

Simple, Predictable Pricing

Storage and repository count drive the plan. No per-pull fees, no rate limits beyond your tier.

Starter

€0.00/ month
  • 500 MB storage
  • 1 repositories
  • Unlimited access keys
  • Auto-wired Rapids credentials
Get Started

Basic

Popular
€3.99/ month
  • 5 GB storage
  • 5 repositories
  • Unlimited access keys
  • Auto-wired Rapids credentials
Get Started

Professional

€14.99/ month
  • 100 GB storage
  • Unlimited repositories
  • Unlimited access keys
  • Auto-wired Rapids credentials
Get Started

Need more than 100 GB? Talk to us about a custom plan.

Why not just run Distribution yourself?

You can — here is everything you skip by using the managed one.

Self-Managed DistributionDanubeData Container Registry
SetupStand up Distribution, configure TLS, wire to object storageAlready running at cr.danubedata.ro
AuthenticationImplement token service, JWT signing, key revocationDashboard-managed keys with Vault-signed JWTs
Multi-TenancyReverse-proxy filtering, custom catalog scopingPer-team isolation enforced at the token service
StorageProvision and operate S3/Ceph clusterBacked by our managed Ceph cluster
Garbage CollectionSchedule, run, monitor distribution-gcBuilt-in daily GC plus on-demand trigger
TLS & DNSManage certificates, DNS records, renewalsTLS and DNS handled by the platform
Rapids IntegrationManage imagePullSecrets on every deployAuto-wired credentials per team

Container Registry FAQ

Everything about cr.danubedata.ro.

  • A managed, multi-tenant OCI v2 (Docker Distribution) registry hosted at cr.danubedata.ro. Push private images from your laptop, CI, or any other registry, and pull them from anywhere — including Rapids, VPS, Kubernetes, or your local Docker. Every image is stored in our Ceph-backed EU object storage.

Explore More Solutions

Rapids

Serverless containers — pulls straight from your registry

Object Storage

S3-compatible storage on the same Ceph cluster

Virtual Machines

Pull your private images onto any DanubeData VPS

Your images, in the EU, next to your apps.

Push to cr.danubedata.ro, pull from Rapids, VPS, or your laptop — same registry, same region.

Push your first image

Free Starter tier · OCI v2 compatible · EU only · Auto-wired to Rapids