"Where and how to store container images" is more complex than it initially appears. Simply uploading to Docker Hub falls apart as scale increases. Docker Hub's Rate Limit (100 pulls without authentication in 6 hours, as of 2020) has caused actual incidents where pull requests from EKS cluster nodes numbering in the hundreds were blocked. Supply chain attacks with hidden malware in external registry images, similar to malicious code embedded in npm packages, are real threats. For multi-region deployments, pulling images repeatedly through the internet creates latency and cost issues.