OCI Registry (OCIR) is an Oracle-managed private registry that simplifies your development by making it easy for you as a developer to store, manage and deploy container images, like Docker images securely within an Oracle Cloud.
Let’s start with an overview and use cases of Registry.
Oracle Cloud Registry | Overview
OCIR is a highly available and scalable private container registry service for storing and sharing container images within the same regions as the deployments.
An integrated platform offering, where users can store their container images easily in one location. Access to push and pull images with the Docker CLI or images can be pulled directly into a Kubernetes deployment.
These container images are managed and deployed on the Container Engine for Kubernetes (OKE).
Use Cases Of OCI Registry
- OCIR can be used as a private Docker registry for internal use, pushing and pulling Docker images to and from the Registry using the Docker V2 API and the standard Docker command-line interface (CLI).
- OCIR can also be used as a public Docker registry, any user with internet access, and knowledge of the appropriate URL can pull images from public repositories in OCIR.
- Developers, testers, and CI/CD systems need to use a registry to store images created during the application development process. You can iterate on code faster and push it to production more frequently.
- Oracle Functions and Events. The function code is packaged as a Docker image and pushed to OCIR and the event triggers can be configured in Events service to make sure when the function is invoked.
Oracle Cloud Registry | Benefits
- Integration: Full integration with Container Engine for Kubernetes (OKE)
- Security: Registries are private by default but can be made public by an admin
- Regional Availability: Pull container images quickly from the same region as your deployments
- High availability: Leverages OCI for high performance, high availability, and low latency image push and pull
- Anywhere Access: Use Docker CLI to push and pull images from anywhere – cloud, on-premises, or laptop
Oracle Cloud Registry | Pre-requisites
- Users must have access to an Oracle Cloud Infrastructure tenancy.
- User must have access to the Docker CLI
- To use registry service, the user is either a part of the admin group or part of a group to which a policy grants
the appropriate permissions
- User needs to have an OCI username and auth token before being able to push/pull an image
Steps To Configure Oracle Cloud Registry | Oracle Cloud Docker Registry
1. Navigate to Auth Tokens, under Resources and click Generate Token
2. Copy the token created, it will be used as a password for accessing OCIR.
3. Install Docker CLI on the local machine (windows in my case). Follow the steps for installation given here
4. Pull the hello-world image from Docker Hub and run it in the CLI.
5. To list image downloaded from Docker Hub, enter the following command
6. Login to the registry in OCI using Docker CLI
- In a terminal window on the client machine running Docker, enter the following command
docker login <region-key>.ocir.io
- Enter your username and password
Username: <tenancy-namespace>/<username> If tenancy is Federated with Oracle Identity Cloud Service Username: <tenancy-namespace>/oracleidentitycloudservice<username> Password: Auth token generated earlier (not visible)
7. Locate the existing image hello-world that we downloaded in step 4 to push
- In a terminal window, enter the command
- Tag the image that you are going to push to the registry. In our case, we are going to push the image named hello-world.
docker tag <image-identifier> <target-tag>
8. Push your tagged docker image from the local machine to OCI registry
docker push <target-tag>
9. Pull the Docker image from OCI registry to the client machine
docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>
Note: Docker images can be pulled with Docker CLI or directly into Oracle Container Engine for Kubernetes(OKE) Deployments. We have demonstrated using only the Docker CLI in this post.
10. We can see by navigating to the Registry created in OCI that the image is pushed into the hello registry
11. We can see the pull status from OCI console
- 1Z0-1084-20 | Oracle Cloud Infrastructure Developer Associate
- Functions and Events in OCI
- KMS in OCI
- Monitoring Service in OCI
- Secret Management in OCI
Next Task For You
In our OCI Developer Associate [1Z0-1084] Certification training, we cover the OCI Registry in Operating Cloud-native Application module. In this training, we also cover the Fundamentals of Cloud-native applications and how to develop, secure, and test cloud-native applications.