Documentation Index

Fetch the complete documentation index at: https://guide.ncloud-docs.com/llms.txt

Use this file to discover all available pages before exploring further.

View and manage Container Registry information

Prev Next

Available in Classic and VPC

You can view registries created in Container Registry and container images pushed to them. You can also push Docker container images from your local environment to a Container Registry or pull Docker container images from a registry to your local environment. In addition, you can configure and manage registries and Docker container images based on your environment.

Container Registry interface

The basic information for using Container Registry is as follows:

containerregistry-screen_ko

Component Description
① Menu name Name and path of the current menu, and the number of active registries.
② Basic features Creates a registry and views Container Registry details.
③ Post-creation features Deletes active registries.
④ Container Registry list Lists active registries and shows their details.

Registry list interface

You can view information for each registry in the list of active registries. To view the information:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. When the list of created Container Registries appears, view summary information or click a registry to view its details.
    • Registry name: Name of the registry created in Container Registry.
    • Bucket name: Name of the Object Storage bucket where Docker container images are stored.
    • Usage: Amount of storage used by the bucket that stores Docker container images.
    • Status: Current status of the registry.
    • Image list: Opens the list of Docker container images registered in the created registry.
    • Access commands: Commands for logging in to the registry and pushing/pulling Docker container images.
    • Configuration: Set whether to use public endpoint and scan uploaded Docker container images for security vulnerabilities.
    • Public endpoint: Public endpoint information (<registry-name>.<region-code>.ncr.ntruss.com).
    • Private endpoint: Private endpoint information (<random-name>.<region-code>.private-ncr.ntruss.com).
    • Clean up old tags: Removes tag values from Docker container images.
    • Creation time: Date and time when the registry was created.

Enable or disable registry public endpoints

Public endpoints are endpoints that allow you to access NAVER Cloud Platform's Container Registry over the internet. If necessary, you can disable this feature to prevent your Container Registry from being publicly accessible.

Note

Even if public endpoints are disabled, you can still use the private registry within the NAVER Cloud Platform network.

To enable or disable public endpoints:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the list, click the target registry.
  3. From the details component, click i-containerregistry-detailset under Configuration.
  4. In the Configuration settings popup, toggle the Public Endpoint option to enable or disable it, then click [OK].

Enable or disable public registry

Public registry is a feature that allows anyone, including users without permissions, to pull images from the registry. By default, NAVER Cloud Platform's Container Registry allows only authorized users to pull images. If necessary, you can enable a public registry to allow anyone to pull images.

Note

Even if a public registry is enabled, unauthorized users cannot push images.

To enable or disable public registry:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the list, click the target registry.
  3. From the details component, click i-containerregistry-detailset under Configuration.
  4. In the Configuration settings popup, toggle the Public Registry option to enable or disable it, then click [OK].

Delete a registry

To delete an active registry:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. Click the registry you want to delete, then click [Delete].
  3. When the Delete registry popup appears, review the details and click [Delete].
Note

Deleting a registry does not delete Docker container images stored in Object Storage. Delete all images before deleting the registry. (recommended)

Manage sub account policies

You can assign Container Registry permissions to sub accounts using NAVER Cloud Platform's Sub Account service. The Container Registry policies you can assign to sub accounts are as follows:

  • Container Registry manager (NCP_CONTAINER_REGISTRY_MANAGER): Creates and deletes registries, and pushes, pulls, and deletes Docker container images.
  • Container Registry viewer (NCP_CONTAINER_REGISTRY_VIEWER): Views registries and pulls Docker container images.

When logging in to a registry using a sub account in the Docker CLI, use the sub account's API authentication key as the user ID. If API Gateway Access is enabled for the sub account's Access Type, you can view and manage the details of the API authorization key by navigating to Menu > **Services **> Management & Governance > Sub Account in the NAVER Cloud Platform Console, selecting the sub account, and opening the [Access Key] tab.

Log in to a registry

Log in from Docker CLI

To use NAVER Cloud Platform's Container Registry, you need Docker Engine 1.10 or higher.
When the required version is installed, you can log in to the endpoint using the Docker CLI.

To log in to the endpoint using the Docker CLI:

  1. Check the endpoint and the Access Key ID and Secret Key of the API authentication key for registry access.

    • Endpoint: Check the Public Endpoint or Private Endpoint on the Registry details interface.
      • Public endpoint: <registry-name>.<region-code>.ncr.ntruss.com
      • Private endpoint: <random-id>.<region-code>.private-ncr.ntruss.com
    • Account ID: Check the Access Key ID of the API authentication key.
    • Account password: Check the Secret Key of the API authentication key.

  2. In the terminal, enter the access command to access the registry.

    • Enter the values from Step 1 in <access-key-id>, <registry-name>, <region-code>, and <secret-key>.
    • You can also find the command in the Access commands section on the registry details interface. Click User guide to view push and pull commands in addition to the login command.
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded

When you log in successfully, the "Login succeeded" message is displayed in the terminal as shown in the example above.

Log in from Kubernetes

To log in to the endpoint from Kubernetes:

This section describes how to create a secret named regcred using the kubectl command with an example.

  1. Check the endpoint and the Access Key ID and Secret Key of the API authentication key for registry access.

    • Endpoint: Check the Public Endpoint or Private Endpoint on the Registry details interface.
      • Public endpoint: <registry-name>.<region-code>.ncr.ntruss.com
      • Private endpoint: <random-id>.<region-code>.private-ncr.ntruss.com
    • Account ID: Check the Access Key ID of the API authentication key.
    • Account password: Check the Secret Key of the API authentication key.
    • User email: User account email address.

  2. In the terminal, create a secret named regcred using the kubectl command.

    • Enter the values from Step 1 in <registry-end-point>, <registry-end-point>, <secret-key>, and <your-email>.
$ kubectl create secret docker-registry regcred --docker-server=<registry-end-point> --docker-username=<access-key-id> --docker-password=<secret-key> --docker-email=<your-email>

  1. In the template spec, enter the name of the secret you created earlier in imagePullSecrets as shown in the example below. Then, you can pull images from the registry created on NAVER Cloud Platform.

    • Example: MySQL YAML
     apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-mysql
   labels:
     name: test-mysql
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: test-mysql
   template:
     metadata:
       labels:
         name: test-mysql
     spec:
       imagePullSecrets:
       - name: regcred
       containers:
       - name: test-mysql
         image: <registry-name>.ncr.ntruss.com/mysql:5.7.21
         env:
         - name: MYSQL_ROOT_PASSWORD
           value: "1234"

Push Docker container image

When you log in to a registry endpoint using the docker login command, you can push Docker container images to the registry.

Note

To push Docker container images to a registry, you must first create an image using docker commit and then apply a tag using docker tag. For more information, see the user guide and related documents from the Docker website.

To push Docker container images to a registry:

This section describes how to push the jenkins:latest Docker container image to a registry with an example.

  1. In the Docker CLI, use the docker login command to log in to the target registry. 
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded
  1. Run the docker push command as shown in the example below:
    • You can also view push command examples and descriptions by clicking User guide in the Access commands section on the Registry details interface.
$ docker push <registry-name>.<region-code>.ncr.ntruss.com/jenkins
The push refers to repository [mybear.kr.beta-ncr.ntruss.com/jenkins]
0577e068c587: Layer already exists
b1891bf16fa7: Layer already exists
37c1d818eb0b: Layer already exists
d51e4482f53a: Layer already exists
ceed640cbb93: Layer already exists
9c2e8b91bfa8: Layer already exists
c477b6c8ca45: Layer already exists
fa0c3f992cbd: Layer already exists
ce6466f43b11: Layer already exists
719d45669b35: Layer already exists
3b10514a95be: Layer already exists
latest: digest: sha256:0de43cde2c4b864a8e4a84bbd9958e47c5d851319f118203303d040b0a74f159 size: 4501
Note

When you are logged in with a sub account, the Sub Account policy assigned to that sub account must include administrator permissions (Manager, Change (Full)) to perform this task.

Pull Docker container image

When you log in to a registry endpoint using the docker login command, you can pull Docker container images from the registry.

To pull Docker container images from a registry:

This section describes how to pull the jenkins:latest Docker container image from a registry with an example.

  1. In the Docker CLI, use the docker login command to log in to the target registry. 
$ docker login -u <access-key-id> <registry-name>.<region-code>.ncr.ntruss.com
Password: <secret-key>
Login Succeeded
  1. Run the docker pull command as shown in the example below.
    • You can also view pull command examples and descriptions by clicking User guide in the Access commands section on the Registry details interface.
$ docker pull <registry-name>.<region-code>.ncr.ntruss.com/jenkins
Using default tag: latest
latest: Pulling from jenkins
55cbf04beb70: Pull complete
c58988e753d7: Pull complete
70fcfa476f73: Pull complete
0539c80a02be: Downloading [===============>                                   ]  40.52MB/133.9MB
54fefc6dcf80: Download complete
911bc90e47a8: Download complete
38430d93efed: Download complete
c0cbcb5ac747: Download complete
35ade7a86a8e: Download complete
aa433a6a56b1: Downloading [===================>                               ]  27.91MB/70.41MB
841c1dd38d62: Download complete
12b47c68955c: Download complete
1322ea3e7bfd: Download complete
Note

When you are logged in with a sub account, the Sub Account policy assigned to that sub account must include viewer permissions (View (Full)) or higher to perform this task.

Manage Docker container image

You can view Docker container images in a registry of Container Registry, enter notes, clean up old tags, and delete Docker container images.

View uploaded images

You can view and manage Docker container images uploaded to a specific registry.

To open the list of Docker container images in a registry:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.

  2. From the registry list, click [Move] in the image list for the target registry.

  3. When the list of Docker container images appears, view summary information or click an image to view its details.

    • [Delete]: Delete images in the registry.
    • List and [Details] tab
      • Image name: Name of the Docker container image.
      • Last modified date: Date and time when the Docker container image was last modified.
      • Pulls: Number of times the Docker container image has been pulled.
      • Pull command: Command to pull the Docker container image in the Docker CLI. Click User guide to view login and push commands in addition to the pull command.
      • Configuration: Set tag mutability.
      • Short Description: Enter up to 100 characters.
      • Full Description: Supports Markdown for more detailed descriptions.
    • [Tags] tab
      • Delete tag: Delete a tag applied to a Docker container image.
      • Tag name: Name of the tag applied to the Docker container image.
      • Compressed size: Size of the Docker container image associated with the tag.
      • Last modified date: Date and time when the Docker container image was last modified.
      • Digest: Unique identifier of the Docker container image.
      • Security vulnerabilities: Scan Docker container images for security vulnerabilities.

Create image descriptions

You can add descriptions to Docker container images using Short Description and Full Description.

  • Short Description: Enter up to 100 characters.
  • Full Description: Supports Markdown for more detailed descriptions.

To add a description to a Docker container image:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the registry list, click [Move] in the image list for the target registry.
  3. In the Details tab of the Docker container image list, click [Edit] for Short Description or Full Description.
  4. Enter the description in the input field, then click [Submit].
    • Full Description includes a [Code] tab for entering Markdown and a [Preview] tab for viewing the content.
    • Descriptions entered in Short Description are displayed in the Short Description column of the list.

Delete images

To delete Docker container images from a registry:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the registry list, click [Move] in the image list for the target registry.
  3. In the Docker container image list, select the image you want to delete, then click [Delete].
  4. In the Delete image popup, review the details and click [Delete].
    • When an image is deleted, all associated tags are also deleted.
Caution

Garbage collection runs when an image or tag is deleted. During garbage collection, image push is restricted to protect data.

Delete image tags

To delete tags applied to Docker container images:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the registry list, click [Move] in the image list for the target registry.
  3. In the Docker container image list, click the target image.
  4. On the Registry details interface, click the [Tags] tab.
  5. From the tag list, select the tags you want to delete, then click [Delete tag].
  6. In the Delete tag popup, review the details and click [Delete].

Clean up old tags

To delete tags applied to Docker container images:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. Click the target registry in the registry list.
  3. On the Registry details interface, click [Move] in the Clean up old tags section.
  4. Use the Filter feature to display only container images that meet the criteria. Select the filter, base date or count, and whether to exclude the latest tags, then click [Apply].
    Filter Description
    N days after last push
    N days after last pull
    Exclude latest N pushed tags
    Exclude latest N pulled tags
  5. From the image list, select the tags you want to delete, then click [Delete].
  6. In the Delete popup, review the details and click [Delete].

Enable or disable tag mutability

To prevent images with the same tag name from being pushed or overwritten:

  1. From the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Container Registry.
  2. From the registry list, click [Move] in the image list for the target registry.
  3. In the Details tab of the Docker container images list, click i-containerregistry-detailset in Configuration.
  4. In the Configuration settings popup, toggle the Tag Mutability option to enable or disable it, then click [OK].
Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.