Design a container image registry

Design a cloud service for storing and distributing container images, similar to a hosted container registry. The system should support: - Pushing container images from developers or CI/CD pipelines - Storing image layers and metadata - Tagging versions such as `latest`, `v1.2.3`, and commit-based tags - Pulling images efficiently from many clients across regions - Sharing private repositories with teams and controlling access - Avoiding re-uploading or re-downloading layers that already exist - Cleaning up unreferenced data safely Discuss: - Functional and non-functional requirements - Core APIs and upload/download flows - Metadata schema for repositories, manifests, layers, and tags - Storage design, content-addressable deduplication, and garbage collection - Authentication, authorization, and multi-tenant isolation - Caching, CDN, replication, and scalability strategies - Reliability, consistency trade-offs, and observability Assume the service must handle millions of images, frequent CI pushes, and large pull traffic during deployments.