- Print
- PDF
Checking and managing information of Container Registry
- Print
- PDF
Available in Classic and VPC
You can check the registry created on Container Registry and container images registered (push) on the registry, as well as upload (push) Docker container images saved locally to the registry of Container Registry or download (pull) Docker container images in the registry to local. You can also configure and manage registries and Docker container images that are in operation according to the user environment.
Container registry page
The basics of using Container Registry are as follows.
Area | Description |
---|---|
① Menu name | Name and path of the menu currently being viewed, number of registries in operation |
② Basic features | Create registry, view details of Container Registry |
③ Post-creation features | Delete registries in operation |
④ Container registry list | Check the list of registries in operation and their information |
Registry list page
You can check the information about each registry from the list of registries that have been created and are in operation. The following is how to check the list.
From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
When the list of created Container Registry appears, view the summary information or click a registry to see the details.
- Registry name: the name of registry created in Container Registry
- Bucket name: the name of Object Storage where the Docker container image is saved
- Usage amount: the usage amount of the bucket where the Docker container image is saved
- Status: current status of the registry
- Image list: Directs you to the list page of Docker container images registered to the created registry.
- Access commands: View commands to log in to the registry, and upload (push)/download (pull) Docker container images.
- Configuration: Set whether to Use public endpoint and Scan security vulnerabilities for uploaded Docker container images (Scan on push).
- Public endpoint: public endpoint information (
<registry-name>
.<region-code>
.ncr.ntruss.com) - Private endpoint: private endpoint information (
<random-name>
.<region-code>
.private-ncr.ntruss.com) - Clean up old tags: Removes tag values applied to Docker container images.
- Creation date: date when the registry was created
Activate/deactivate registry public endpoints
Public endpoints are endpoints you can use to access NAVER Cloud Platform's Container Registry in an environment where you can use an external network (Internet). If necessary, you can deactivate this feature to not disclose your Container Registry.
Even while public endpoints are deactivated, you can use the private registry within the network environment of NAVER Cloud Platform.
The following describes how to activate or deactivate public endpoints.
- Access the NAVER Cloud Platform console.
- Click Services > Containers > Container Registry menus, in that order.
- Click the target registry name from the list.
- From the details area, click under Configuration.
- In the Set configuration pop-up window, click the Activate/deactivate toggle button of the Public Endpoint field and set whether to use it, and then click the [OK] button.
Activating/deactivating public registry
Public registry is a feature that allows anyone without permissions to download (pull) images from the registry. By default, the Container Registry of NAVER Cloud Platform allows only authorized users to download (pull) images. If necessary, you can enable public registry to allow anyone without permissions to download (pull) images.
Even if the public registry is enabled, unauthorized users can't upload (push) images.
The following describes how to activate or deactivate public registries.
- Access the NAVER Cloud Platform console.
- Click Services > Containers > Container Registry menus, in that order.
- Click the target registry name from the list.
- From the details area, click under Configuration.
- In the Set configuration pop-up window, click the Activate/deactivate toggle button of the Public Registry field and set whether to use it, and then click the [OK] button.
Delete registry
You can delete a registry that has been created and is in operation.
The following is how to delete them.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- Click the registry you want to delete, and then click the [Delete] button.
- When the Delete registry pop-up window appears, check the details and click the [Delete] button.
Even if you delete the registry, Docker container images saved in the Object Storage are not deleted. We recommend that you delete all images before deleting the registry.
Manage sub account policies
You can assign Container Registry permissions to sub accounts through NAVER Cloud Platform's Sub Account service. The Container Registry policies you can assign to sub accounts are as follows.
- Container Registry manager (NCP_CONTAINER_REGISTRY_MANAGER): create/delete registries, upload (Push)/download (Pull) Docker container images
- Container Registry viewer (NCP_CONTAINER_REGISTRY_VIEWER): view registry, download Docker container image (pull)
When logging in to the registry with a sub account in the Docker CLI environment, use the API authentication key of the sub account as the ID. If the API Gateway access in the sub account's access type is activated, then the API authentication key can be viewed and managed from the [Access Key] tab in the details displayed after selecting the sub account from the Services > Management & Governance > Sub Account menus in the NAVER Cloud Platform console.
Log in to registry
Log in from Docker CLI
To use the Naver Cloud Platform’s Container Registry, you need Docker Engine 1.10 or higher.
When an applicable version is installed, you can log in to the endpoint using Docker CLI.
The following describes how to log in to an endpoint using Docker CLI.
Check the endpoint for the registry access, and Access Key ID and Secret Key information of the API authentication key.
- Endpoint: Check Public endpoint or Private endpoint from the details page of the registry.
- Public endpoint:
<registry-name>
.<region-code>
.ncr.ntruss.com - Private endpoint:
<random-id>
.<region-code>
.private-ncr.ntruss.com
- Public endpoint:
- Account ID: Check the Access Key of the API authentication key.
- Account password: Check the Secret Key of the API authentication key.
- Endpoint: Check Public endpoint or Private endpoint from the details page of the registry.
Enter the access command in the terminal and connect to the registry.
- Enter the values checked from Step 1 to
<access-key-id>
,<registry-name>
,<region-code>
, and<secret-key>
. - You can also check the command from the Access commands field in the details page of the registry. If you click the Guide button, then you can also check upload (push) and download (pull) commands in addition to the login command.
- Enter the values checked from Step 1 to
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded
If the login is successful, then the Login Succeeded
message is printed in the terminal window as shown in the example above.
Log in from Kubernetes
The following describes how to log in to an endpoint from Kubernetes.
In this guide, we will describe an example of creating a secret named regcred
using the kubectl command.
Check the endpoint for the registry access, and Access Key ID and Secret Key information of the API authentication key.
- Endpoint: Check Public endpoint or Private endpoint from the details page of the registry.
- Public endpoint:
<registry-name>
.<region-code>
.ncr.ntruss.com - Private endpoint:
<random-id>
.<region-code>
.private-ncr.ntruss.com
- Public endpoint:
- Account ID: Check the Access Key of the API authentication key.
- Account password: Check the Secret Key of the API authentication key.
- User email: email address of the user account
- Endpoint: Check Public endpoint or Private endpoint from the details page of the registry.
In the terminal, create a secret named
regcred
using the kubectl command.- Enter the values checked from Step 1 to
<registry-end-point>
,<registry-end-point>
,<secret-key>
, and<your-email>
.
- Enter the values checked from Step 1 to
$ kubectl create secret docker-registry regcred --docker-server=<registry-end-point> --docker-username=<access-key-id> --docker-password=<secret-key> --docker-email=<your-email>
Enter the name of
secret
created earlier inimagePullSecrets
under the spec area of template as shown in the example below. Then, you can download (pull) the image of the registry created on NAVER Cloud Platform.- Example: MySQL YAML
apiVersion: apps/v1 kind: Deployment metadata: name: test-mysql labels: name: test-mysql spec: replicas: 1 selector: matchLabels: name: test-mysql template: metadata: labels: name: test-mysql spec: imagePullSecrets: - name: regcred containers: - name: test-mysql image: <registry-name>.ncr.gov-ntruss.com/mysql:5.7.21 env: - name: MYSQL_ROOT_PASSWORD value: "1234"
Upload Docker container image (push)
If you logged into the endpoint of a specific registry using the docker login
command, then you can upload (push) Docker container images to the registry.
To upload (push) Docker container images to the registry, you need to first create a Docker container image of the container (docker commit
), and then apply tags to the created image (docker tag
). For more information, see the guide and related documents on the Docker website.
The following describes how to upload (push) Docker container images to the registry.
In this guide, we will describe an example of uploading (push) the jenkins:latest
Docker container image to the registry.
- Use the
docker login
command in the Docker CLI environment to log in to the target registry.- For more details about the methods, see Log in from Docker CLI.
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded
- Use the
docker push
command to run it as shown in the example below.- Once you click the Guide button in the Access commands field under the details page of the registry, you can see the upload (push) command examples and descriptions.
$ docker push <registry-name>.<region-code>.ncr.ntruss.com/jenkins
The push refers to repository [mybear.kr.beta-ncr.ntruss.com/jenkins]
0577e068c587: Layer already exists
b1891bf16fa7: Layer already exists
37c1d818eb0b: Layer already exists
d51e4482f53a: Layer already exists
ceed640cbb93: Layer already exists
9c2e8b91bfa8: Layer already exists
c477b6c8ca45: Layer already exists
fa0c3f992cbd: Layer already exists
ce6466f43b11: Layer already exists
719d45669b35: Layer already exists
3b10514a95be: Layer already exists
latest: digest: sha256:0de43cde2c4b864a8e4a84bbd9958e47c5d851319f118203303d040b0a74f159 size: 4501
If you've logged in with a sub account, then the sub account policy of the sub account must have the manager (Manager, Change (Full)) permissions for the job to be allowed.
Download Docker container image (pull)
If you logged into the endpoint of a specific registry using the docker login
command, then you can download (pull) Docker container images saved in the registry.
The following describes how to download (pull) Docker container images from the registry.
In this guide, we will describe an example of downloading (pull) the jenkins:latest
Docker container image saved in the registry.
- Use the
docker login
command in the Docker CLI environment to log in to the target registry.- For more details about the methods, see Log in from Docker CLI.
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded
- Use the
docker pull
command to run it as shown in the example below.- Once you click the Guide button in the Access commands field under the details page of the registry, you can see the download (pull) command examples and descriptions.
$ docker pull <registry-name>.<region-code>.ncr.ntruss.com/jenkins
Using default tag: latest
latest: Pulling from jenkins
55cbf04beb70: Pull complete
c58988e753d7: Pull complete
70fcfa476f73: Pull complete
0539c80a02be: Downloading [===============> ] 40.52MB/133.9MB
54fefc6dcf80: Download complete
911bc90e47a8: Download complete
38430d93efed: Download complete
c0cbcb5ac747: Download complete
35ade7a86a8e: Download complete
aa433a6a56b1: Downloading [===================> ] 27.91MB/70.41MB
841c1dd38d62: Download complete
12b47c68955c: Download complete
1322ea3e7bfd: Download complete
If you've logged in with a sub account, then the sub account policy of the sub account must have the viewer (View (Full)) permissions or higher for the job to be allowed.
Manage Docker container image
You can manage Docker container images registered on Container Registry registries by viewing them, entering notes for images, cleaning up old tags, and deleting Docker container images.
View uploaded images
You can view and manage Docker container images uploaded to a specific registry.
The following describes how to go to the list of Docker container images uploaded to a registry.
From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
From the registry list, click the [Go] button of the image list under target registry.
When the list of Docker container images of the registry appears, view the summary information or click a Docker container image to see the details.
- [Delete]: Delete images uploaded to registry
- List and [Details] tab
- Image name: image name of the Docker container
- Latest modification date: the latest time when the Docker container image was modified
- Pulls: number of downloads for the Docker container image
- Pull commands: View commands to download the Docker container image in Docker CLI environment, etc. If you click the Guide button, then you can also check upload (push) and login commands in addition to the download (pull) command.
- Configuration: Set the possibility of tag change
- Short Description: Enter a description under 100 characters.
- Full Description: Supports markdown format, and allows richer description.
- [Tags] tab
- Delete tags: Removes tags applied to the Docker container image.
- Tag name: name of the tag applied to the Docker container image
- Compression size: size of the Docker container image the tag is applied to
- Latest modification date: the latest time when the Docker container image was modified
- Digest: unique identification ID of the Docker container image
- Security vulnerabilities: Scanning security vulnerabilities in Docker container images.
Create image descriptions
You can enter descriptions for the Docker container image, including a short description and full description.
- Short description: Enter a description under 100 characters.
- Full description: Supports markdown format, and allows richer description.
The following describes how to enter descriptions for a Docker container image.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- From the registry list, click the [Go] button of the image list under target registry.
- Click the [Edit] button for Short description or Full description in the Details tab of the Docker container image list.
- Enter the description in the input field, and then click the [Submit] button.
- Full description is divided into the [Code] tab, where you can enter a description in markdown format, and the [Preview] tab, where you can preview the description you entered.
- The descriptions entered in Short description are displayed in the Short description column of the list.
Delete Image
The following describes how to delete Docker container images uploaded to the registry.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- From the registry list, click the [Go] button of the image list under target registry.
- Select the Docker container image you want to delete from the Docker container image list, and then click the [Delete] button.
- Check the details in the Delete image pop-up window, and then click the [Delete] button.
- When the image is deleted, all tags of the image are also automatically deleted.
Delete image tags
The following describes how to delete tags applied to Docker container images.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- From the registry list, click the [Go] button of the image list under target registry.
- In the Docker container image list, click the Docker container image.
- From the details page, click the [Tags] tab.
- Select the tags you want to delete from the tag list, and then click the [Delete tag] button.
- Check the details in the Delete tag pop-up window, and then click the [Delete] button.
Clean up old tags
The following describes how to delete tags applied to Docker container images.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- Click the target registry from the registry list.
- From the details page of the registry, click the [Go] button under the Clean up old tags field.
- If necessary, you can use the Filter feature to only display Docker container images that meet the search conditions. Select the base date and whether to exclude the last tag, and then click the [Apply] button.
- From the image list, select images you want to delete the tags from, and then click the [Delete] button.
- Check the details in the Delete pop-up window, and then click the [Delete] button.
Activating/deactivating the possibility of tag change
The following shows how to prevent images with tags of the same name from being pushed/overwritten.
- From the NAVER Cloud Platform console, click the Services > Containers > Container Registry menus, in that order.
- From the registry list, click the [Go] button of the image list under target registry.
- In the Details tab of the Docker container images list, on, click on in Configuration.
- In the Set configuration pop-up window, click the Activate/deactivate toggle button of the Tag Mutability field and set whether to use it, and then click the [OK] button.