Check and manage Container Registry information

Available in Classic and VPC

You can check registries created on Container Registry and container images registered (pushed) on the registry, as well as upload (push) Docker container images saved locally to the registry of Container Registry or download (pull) Docker container images in the registry to local. You can also configure and manage registries and Docker container images that are in operation according to the user environment.

Container Registry interface

The following is a basic description of Container Registry:

containerregistry-screen_ko

Component	Description
① Menu name	Name and path of the menu currently being viewed, and number of registries in operation.
② Basic features	Create registry and view details of Container Registry.
③ Post-creation features	Delete registries in operation.
④ Container Registry list	Check the list of registries in operation and their information.

Registry list interface

You can check the information about each registry from the list of registries that have been created and are in operation. To check the information, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
When the list of created Container Registries appears, view the summary or click a registry to see the details.
- Registry name: The name of registry created in Container Registry.
- Bucket name: The name of the bucket in Object Storage where the Docker container image will be saved.
- Usage amount: The amount of the bucket where the Docker container image is saved.
- Status: Current status of the registry.
- Image list: Go to the list interface for Docker container images registered in the created registry.
- Access commands: Check the commands for connecting to the registry (login) and uploading (pushing)/downloading (pulling) Docker container images.
- Configuration: Set whether to use public endpoint and scan uploaded Docker container image security vulnerabilities (Scan on Push).
- Public endpoint: Public endpoint information (<registry-name>.<region-code>.ncr.ntruss.com).
- Private endpoint: Private endpoint information (<random-name>.<region-code>.private-ncr.ntruss.com).
- Clean up old tags: Remove tag values applied to Docker container images.
- Creation time: Date and time the registry was created.

Enable/Disable registry public endpoints

Public endpoints are endpoints you can use to access NAVER Cloud Platform's Container Registry in an environment where you can use an external network (Internet). If necessary, you can disable this feature so as not to disclose your Container Registry.

Note

Even while public endpoints are disabled, you can use the private registry within the network environment of NAVER Cloud Platform.

To enable or disable public endpoints, follow these steps:

From the NAVER Cloud Platform console, navigate to Services > > Services > Containers > Container Registry.
Click the target registry name from the list.
From the details area, click under Configuration.
In the Set configuration popup window, click the Enable/disable toggle button of the Public endpoint field and set whether to use it, and then click [OK] button.

Enable/Disable public registry

Public registry is a feature that allows anyone without permissions to download (pull) images from the registry. By default, the Container Registry of NAVER Cloud Platform allows only authorized users to download (pull) images. If necessary, you can enable public registry to allow anyone without permissions to download (pull) images.

Note

Even when the public registry is enabled, unauthorized users cannot upload (push) images.

To enable or disable public registry, follow these steps:

From the NAVER Cloud Platform console, navigate to Services > > Services > Containers > Container Registry.
Click the target registry name from the list.
From the details area, click under Configuration.
In the Set configuration popup window, click the Enable/Disable toggle button of the Public registry field and set whether to use it, and then click [OK].

Delete registry

You can delete a registry that has been created and is in operation.

To delete a registry, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
Click the registry you want to delete, and click [Delete].
When the Delete registry popup window appears, check the details and click [Delete].

Note

Even if you delete the registry, Docker container images saved in the Object Storage are not deleted. We recommend that you delete all images before deleting the registry. (Recommended)

Manage sub account policies

You can assign Container Registry permissions to sub accounts through NAVER Cloud Platform's Sub Account service. The Container Registry policies you can assign to sub accounts are as follows:

Container Registry manager (NCP_CONTAINER_REGISTRY_MANAGER): Create/delete registries and upload (push)/download (pull) Docker container images.
Container Registry viewer (NCP_CONTAINER_REGISTRY_VIEWER): View registries and download Docker container image (pull).

When logging in to the registry with a sub account in the Docker CLI environment, use the API authentication key of the sub account as the ID. If API Gateway Access in the sub account's access type is enabled, the API authentication key can be viewed and managed from the [Access Key] tab in the details displayed after selecting the sub account from the i_menu > Services > Management & Governance > Sub Account menus on the NAVER Cloud Platform console.

Log in to registry

Log in from Docker CLI

To use NAVER Cloud Platform's Container Registry, you need Docker Engine 1.10 or higher.
When an applicable version is installed, you can log in to the endpoint using Docker CLI.

To log in to an endpoint using Docker CLI, follow these steps:

Check the endpoint for the registry access, and Access Key ID and Secret Key information of the API authentication key.
- Endpoint: Check Public endpoint or Private endpoint on the registry details interface.
  - Public endpoint: <registry-name>.<region-code>.ncr.ntruss.com
  - Private endpoint: <random-id>.<region-code>.private-ncr.ntruss.com
- Account ID: Check the Access Key ID of the API authentication key.
- Account password: Check the Secret Key of the API authentication key.
Enter the access command in the terminal and access the registry.
- Enter the values checked from Step 1 to <access-key-id>, <registry-name>, <region-code>, and <secret-key>.
- You can also check the command from the Access commands field in the details interface of the registry. Click the User guide button to check upload (push) and download (pull) commands in addition to the login command.

$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded

When you log in successfully, the "Login succeeded" message is displayed in the terminal window as shown in the example above.

Log in from Kubernetes

To log in to an endpoint from Kubernetes, follow these steps:

This section describes how to create a secret named regcred using the kubectl command with an example.

Check the endpoint for the registry access, and Access Key ID and Secret Key information of the API authentication key.
- Endpoint: Check Public endpoint or Private endpoint on the registry details interface.
  - Public endpoint: <registry-name>.<region-code>.ncr.ntruss.com
  - Private endpoint: <random-id>.<region-code>.private-ncr.ntruss.com
- Account ID: Check the Access Key ID of the API authentication key.
- Account password: Check the Secret Key of the API authentication key.
- User email: User account email address.
In the terminal, create a secret named regcred using the kubectl command.
- Enter the values checked from Step 1 to <registry-end-point>, <registry-end-point>, <secret-key>, and <your-email>.

$ kubectl create secret docker-registry regcred --docker-server=<registry-end-point> --docker-username=<access-key-id> --docker-password=<secret-key> --docker-email=<your-email>

Enter the name of the secret created earlier in imagePullSecrets under the spec component of template as shown in the next example. Then, you can download (pull) the image of the registry created on NAVER Cloud Platform.

Example: MySQL YAML

 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-mysql
   labels:
     name: test-mysql
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: test-mysql
   template:
     metadata:
       labels:
         name: test-mysql
     spec:
       imagePullSecrets:
       - name: regcred
       containers:
       - name: test-mysql
         image: <registry-name>.ncr.ntruss.com/mysql:5.7.21
         env:
         - name: MYSQL_ROOT_PASSWORD
           value: "1234"

Upload (Push) Docker container image

When you log in to the endpoint of a specific registry using the docker login command, you can upload (push) Docker container images to the registry.

Note

To upload (push) Docker container images to the registry, you need to first create (docker commit) a Docker container image of the container, and then apply tags (docker tag) to the created image. For more information, see the user guide and related documents from the Docker website.

To upload (push) Docker container images to the registry, follow these steps:

This section describes how to upload (push) jenkins:latest Docker container images to the registry with an example.

Use the docker login command in the Docker CLI environment to log in to the target registry.
- For more information, see Log in from Docker CLI.

$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded

Use the docker push command to run it as shown in the next example.
- Click the User guide button in the Access commands field under the details interface of the registry to see the upload (push) command examples and descriptions.

$ docker push <registry-name>.<region-code>.ncr.ntruss.com/jenkins
The push refers to repository [mybear.kr.beta-ncr.ntruss.com/jenkins]
0577e068c587: Layer already exists
b1891bf16fa7: Layer already exists
37c1d818eb0b: Layer already exists
d51e4482f53a: Layer already exists
ceed640cbb93: Layer already exists
9c2e8b91bfa8: Layer already exists
c477b6c8ca45: Layer already exists
fa0c3f992cbd: Layer already exists
ce6466f43b11: Layer already exists
719d45669b35: Layer already exists
3b10514a95be: Layer already exists
latest: digest: sha256:0de43cde2c4b864a8e4a84bbd9958e47c5d851319f118203303d040b0a74f159 size: 4501

Note

When logged in with a sub account, the Sub Account policy of the sub account must have the admin (Manager, Change (Full)) permissions for the task to be allowed.

Download (Pull) Docker container image

When you log in to the endpoint of a specific registry using the docker login command, you can download (pull) Docker container images saved in the registry.

To download (pull) Docker container images to the registry, follow these steps:

This section describes how to download (pull) jenkins:latest Docker container images saved in the registry with an example.

Use the docker login command in the Docker CLI environment to log in to the target registry.
- For more information, see Log in from Docker CLI.

$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded

Use the docker pull command to run it as shown in the next example.
- Click the User guide button in the Access commands field under the details interface of the registry to see the download (pull) command examples and descriptions.

$ docker pull <registry-name>.<region-code>.ncr.ntruss.com/jenkins
Using default tag: latest
latest: Pulling from jenkins
55cbf04beb70: Pull complete
c58988e753d7: Pull complete
70fcfa476f73: Pull complete
0539c80a02be: Downloading [===============>                                   ]  40.52MB/133.9MB
54fefc6dcf80: Download complete
911bc90e47a8: Download complete
38430d93efed: Download complete
c0cbcb5ac747: Download complete
35ade7a86a8e: Download complete
aa433a6a56b1: Downloading [===================>                               ]  27.91MB/70.41MB
841c1dd38d62: Download complete
12b47c68955c: Download complete
1322ea3e7bfd: Download complete

Note

When logged in with a sub account, the Sub Account policy of the sub account must have viewer (View (Full)) permissions or higher for the task to be allowed.

Manage Docker container image

You can manage Docker container images registered on Container Registry registries by viewing them, entering notes for images, cleaning up old tags, deleting Docker container images, and so on.

View uploaded images

You can view and manage Docker container images uploaded to a specific registry.

To go to the list of Docker container images uploaded to a registry, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
From the registry list, click the [Move] button of the image list under the target registry.
When the list of Docker container images of the registry appears, view the summary or click a Docker container image to see the details.
- [Delete]: Delete images uploaded to registry.
- List and [Details] tab
  - Image name: Name of Docker container image.
  - Last changed date: Date and time the Docker container image was most recently changed.
  - Pulls: Number of times the Docker container image has been downloaded.
  - Pull command: Check the command to download (pull) the Docker container image in the Docker CLI environment, etc. Click the User guide button to see upload (push) and login commands in addition to the download (pull) command.
  - Configuration: Set whether tags can be changed.
  - Short description: Enter a description of no more than 100 characters.
  - Full description: Supports Markdown format, allowing for a more detailed description.
- [Tags] tab
  - Delete tag: Delete a tag applied to a Docker container image.
  - Tag name: Name of tag applied to Docker container image.
  - Compressed size: The size of the Docker container image that the tag is applied to.
  - Last changed date: Date and time the Docker container image was most recently changed.
  - Digest: Unique identification ID of the Docker container image.
  - Security vulnerabilities: Scan Docker container image security vulnerabilities.

Create image descriptions

You can enter descriptions for Docker container images as short descriptions and full descriptions.

Short description: Enter a description of no more than 100 characters.
Full description: Supports Markdown format, allowing for a more detailed description.

To enter descriptions for a Docker container image, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
From the registry list, click the [Move] button of the image list under the target registry.
Click the [Edit] button of Short description or Full description in the Details tab of the Docker container image list.
Enter the description in the input field, and click the [Submit] button.
- Full description is divided into the [Code] tab, where you can enter a description in the Markdown format, and the [Preview] tab, where you can preview the description you entered.
- The descriptions entered in Short description are displayed in the Short description column of the list.

Delete images

To delete Docker container images uploaded to the registry, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
From the registry list, click the [Move] button of the image list under the target registry.
Select the Docker container image you want to delete from the Docker container image list, and click the [Delete] button.
Check the details in the Delete image popup window, and click the [Delete] button.
- When an image is deleted, all tags of the image are also automatically deleted.

Caution

Garbage collection is performed when an image or image tag is deleted. During garbage collection, image pushes are limited to protect data.

Delete image tags

To delete tags applied to Docker container images, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
From the registry list, click the [Move] button of the image list under the target registry.
In the Docker container image list, click the target Docker container image.
From the details interface, click the [Tags] tab.
Select the tags you want to delete from the tag list, and click the [Delete tag] button.
Check the details in the Delete tag popup window, and click the [Delete] button.

Clean up old tags

To delete tags applied to Docker container images, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
Click the target registry from the registry list.
From the details interface of the registry, click the [Move] button of the Clean up old tags field.
If necessary, you can use the Filter feature to only display Docker container images that meet the search conditions. Select the base date and whether to exclude the last tag, and click the [Apply] button.
From the image list, select the image you want to delete the tags from, and click the [Delete] button.
Check the details in the Delete popup window and click the [Delete] button.

Enable/Disable possibility of tag change

To prevent images with tags of the same name from being pushed/overwritten, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Containers > Container Registry.
From the registry list, click the [Move] button of the image list under the target registry.
In the Details tab of the Docker container images list, click in Configuration.
In the Set configuration popup window, click the Enable/Disable toggle button of the Tag mutability field and set whether to use it, and then click the [OK] button.