Container Registries
Container registry authentication, private registry setup, and credential storage for Docker, Podman, and k3s.
Docker Hub
Login, push, pull
docker login docker.io
docker tag myapp:v1.0 docker.io/username/myapp:v1.0
docker push docker.io/username/myapp:v1.0
docker pull docker.io/username/myapp:v1.0Search for images
docker search nginx --limit 10
docker search --filter "is-official=true" nginxGitHub Container Registry (ghcr.io)
Authenticate with a personal access token
echo "$GITHUB_TOKEN" | docker login ghcr.io -u USERNAME --password-stdin
docker tag myapp:v1.0 ghcr.io/username/myapp:v1.0
docker push ghcr.io/username/myapp:v1.0Private Registry
Run a local registry
docker run -d -p 5000:5000 --name registry registry:2
docker tag myapp:v1.0 localhost:5000/myapp:v1.0
docker push localhost:5000/myapp:v1.0Query local registry API
curl -s http://localhost:5000/v2/_catalog | jq
curl -s http://localhost:5000/v2/myapp/tags/list | jqPodman Registry Configuration
Configure unqualified search registries
# /etc/containers/registries.conf
# unqualified-search-registries = ["docker.io", "quay.io"]
podman info --format '{{.Registries.Search}}'Configure insecure (HTTP) registries
# /etc/containers/registries.conf.d/local.conf
# [[registry]]
# location = "localhost:5000"
# insecure = trueAuthentication Files
Credential storage locations
# Docker: ~/.docker/config.json
# Podman: ${XDG_RUNTIME_DIR}/containers/auth.json
# k3s: /etc/rancher/k3s/registries.yaml
cat ~/.docker/config.json | jq '.auths | keys' # list authenticated registriesk3s private registry configuration
# /etc/rancher/k3s/registries.yaml
mirrors:
registry.example.com:
endpoint:
- "https://registry.example.com"
configs:
"registry.example.com":
auth:
username: user
password: <REDACTED>