Using an OCI Container Registry

B Using an OCI Container Registry

The instructions here help you create a container registry in Oracle Cloud Infrastructure. However, you can use other registries as well. The staging examples will be similar for those registries as well.

To create a container registry and upload the container images to the repository, you should perform the following tasks:

Create a Container Registry
Obtain your software images and stage them locally on a host where docker or podman is installed.
Tag the images with the repository name.
Upload the images to the repository

This appendix includes the following topics:

Creating a Container Registry
You have to create the container registry in OCI. A container registry helps host the container images.
Uploading Images to the Repository
You can upload the container images by using Docker (with the docker command) or CRI-O (with the podman command).

Creating a Container Registry

You have to create the container registry in OCI. A container registry helps host the container images.

To create a container registry:

Log in to the Oracle Cloud Infrastructure Console for your tenancy.
Select Developer Services and click Container Registry.
Click Create Repository and complete the following:
1. Choose your compartment. For example: iam.
2. Give your repository a name. This name is the same as the name of the container image. For example: oracle/oam.
3. Choose whether anyone can access it or just those with the appropriate login credentials.
4. Click Create Repository.

These steps create an empty repository. Repeat Step 3 for every image you want to upload.

Note:

While you do not have to pre-create empty repositories, doing so ensures that repositories get created in the correct compartment. If you omit this stage, you can move the repositories to your desired compartment later.

Creating an Auth Token

Parent topic: Using an OCI Container Registry

Creating an Auth Token

If you have not already done so, log in to the Oracle Cloud Infrastructure Console for your tenancy to create an auth token.

Click Profile on the top right corner of the page.
Click User Settings, select Auth Tokens, and then click Generate Token.
Enter a Description. For example: Container_token.
Click Generate Token.
Copy the generated token in a safe location because it will not be shown again.

Parent topic: Creating a Container Registry

Uploading Images to the Repository

You can upload the container images by using Docker (with the docker command) or CRI-O (with the podman command).

Parent topic: Using an OCI Container Registry

Using Docker to Load Images to the Container Registry

To load images using Docker, you should first log in to the container registory and then upload the images to the repository. For information about the new repository, see Creating a Container Registry.

Parent topic: Uploading Images to the Repository

Staging the Docker Images Locally

If you have not already staged your images locally, you must do so before continuing. For instructions, see Staging Images in Docker.

Parent topic: Using Docker to Load Images to the Container Registry

Logging in to the Container Registry

Before you can begin to upload images to the repository, you must first log in to your new repository.

To log in to the repository, use the following command:
```
docker login repository_name
```
The repository name will be <region_code>.ocir.io.
For example, to log in to the Ashburn region, use the command:
```
docker login iad.ocir.io
```
For a list of region codes, see Availability by Region.
When prompted, provide the user name.

The user name will be <tenancy-namespace>/<username> or <tenancy-namespace>/oracleidentitycloudservice/<username>. If you are using a federated logging, this user name will be the same user name you use to log in to your OCI console. For example: mytenancy/oracleidentitycloudservice/my@emailaddress.com.
When prompted for a password, provide the token you generated earlier. See Creating an Auth Token.

Parent topic: Using Docker to Load Images to the Container Registry

Uploading the Docker Images to the Repository

To upload images to the repository, you must have the Docker images already installed locally.

To check the availability of the Docker images locally, use the following command:

docker images

For example, you may see the following:

REPOSITORY         TAG                  IMAGE ID         CREATED         SIZE
oiri-ui            12.2.1.4.02106       0f6595fcf33d     3 weeks ago     568MB

Tag the image with your new repository details using the image ID. To tag, use the command:

docker tag <imageid> <repository_name>/<tenancy>/<project>/<image_name>:version

For example:

docker tag 0f6595fcf33d      iad.ocir.io/mytenancy/oracle/oiri-ui:12.2.1.4.02106

After tagging the image, you can upload it using the following command:

docker push <repository_name>/<tenancy>/<project>/<image_name>:version

For example:

docker push   iad.ocir.io/mytenancy/oracle/oiri-ui:12.2.1.4.02106

This step updates the image to the container registry in your route compartment. To see the image, log in to your tenancy, select Developer Services, and then click Container Registry.

If you did not pre-create your empty repositories, you will find that the images have been stored in the root compartment. If you want to move the images to a specific compartment:

Select the repository name. For example: oiri-ui.
From the Actions menu, select Move to Compartment.
Select your destination compartment and click OK.

Parent topic: Using Docker to Load Images to the Container Registry

Using CRI-O to Load Images to the Container Registry

To load images using CRI-O, you should first log in to the container registory and then upload the images to the repository. For information about the new repository, see Creating a Container Registry.

Parent topic: Uploading Images to the Repository

Staging the CRI-O Images Locally

If you have not already staged your images locally, you should do so before continuing. For instructions, see Staging Images in CRI-O.

Parent topic: Using CRI-O to Load Images to the Container Registry

Logging in to the Container Registry

Before you can begin uploading the images to the repository, you must first log in to the new repository.

To log in to the repository, use the following command:
```
sudo podman login repository_name
```
The repository name will be <region_code>.ocir.io.
For example, to log in to the Ashburn region, use the command:
```
sudo podman login iad.ocir.io
```
For a list of region codes, see Availability by Region.
When prompted, provide the user name.

The user name will be <tenancy-namespace>/<username> or <tenancy-namespace>/oracleidentitycloudservice/<username>. If you are using a federated logging, this user name will be the same user name you use to log in to your OCI console. For example: mytenancy/oracleidentitycloudservice/my@emailaddress.com.
When prompted for a password, provide the token you generated earlier. See Creating an Auth Token.

Parent topic: Using CRI-O to Load Images to the Container Registry

Uploading the CRI-O Images to the Repository

To upload images to the repository, you must have the CRI-O images already installed locally.

To check the availability of the CRI-O images locally, use the following command:

sudo podman images

For example, you may see the following:

REPOSITORY         TAG                  IMAGE ID         CREATED         SIZE
oiri-ui            12.2.1.4.02106       0f6595fcf33d     3 weeks ago     568MB

Tag the image with your new repository details using the image ID. To tag, use the command:

sudo podman tag <imageid> <repository_name>/<tenancy>/<project>/<image_name>:version

For example:

sudo podman tag 0f6595fcf33d      iad.ocir.io/mytenancy/oracle/oiri-ui:12.2.1.4.02106

After tagging the image, you can upload it using the following command:

sudo podman push <repository_name>/<tenancy>/<project>/<image_name>:version

For example:

sudo podman push   iad.ocir.io/mytenancy/oracle/oiri-ui:12.2.1.4.02106

This step updates the image to the container registry in your route compartment. To see the image, log in to your tenancy, select Developer Services, and then click Container Registry.

If you did not pre-create your empty repositories, you will find that the images have been stored in the root compartment. If you want to move the images to a specific compartment:

Select the repository name. For example: oiri-ui.
From the Actions menu, select Move to Compartment.
Select your destination compartment and click OK.

Parent topic: Using CRI-O to Load Images to the Container Registry

Staging OAA Images Downloaded as a ZIP File

If you are using Oracle Advanced Authentication and have downloaded the images as part of a zip file, you will have to stage the images locally as described in Staging Container Images.

Oracle Advanced Authentication provides a utility as part of the zip file to automatically upload all the staged images to your registry. This utility is called pushImages.sh and is in the oaa-install directory of the extracted zip file. To invoke the utility, use the following command:

pushImages.sh -b <RELEASE> -c <CONTAINER_COMMAND> -r <REGISTRY>

Where, CONTAINER_COMMAND is either the podman or the docker depending on your preferred command set.

For example:

pushImages.sh -b 12.2.1.4.1-20240425 -c podman -r iad.ocir.io/mytenancy/idm

Note:

You must ensure you are logged into your registry before issuing the command.

Parent topic: Using CRI-O to Load Images to the Container Registry