Powered by Redocly

Remote Registries

A list of remote registries used when fetching application images. By adding an entry here, and adding credentials to Strongbox it is possible to fetch images from an authenticated registry.

Create a new remote registry

SecurityaccessToken
Request
query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

post/v1/config/image-registry/remote-registries
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of all remote registries

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/image-registry/remote-registries
Response samples 
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c

Update a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

patch/v1/config/image-registry/remote-registries/{remote-registry-address}
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Delete a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

delete/v1/config/image-registry/remote-registries/{remote-registry-address}

Replace or create a new remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

put/v1/config/image-registry/remote-registries/{remote-registry-address}
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/image-registry/remote-registries/{remote-registry-address}
Response samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the state of all remote registries

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/image-registry/remote-registries
Response samples 
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c

Retrieve the state of a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/image-registry/remote-registries/{remote-registry-address}
Response samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Invoke the list-images operation

Fetch the list of available images from the remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
tag
string <tag> ^[a-zA-Z0-9_][a-zA-Z0-9_.-]*$

Only fetch the images with this tag.

repository
required
string <repository-string>
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/list-images
Request samples 
repository: avassa-public/movie-theaters-demo/kettle-popper-manager
tags:
  - latest
  - v1.0
Response samples 
images:
  - name: avassa-public/movie-theaters-demo/kettle-popper-manager:latest
    digest: sha256:d0a38dc334e40c3a3812f1d36f6568d1cbef29ae294ab6d36cb36983b1233f18
    type: image-index
    images:
      - digest: sha256:5d8dea50be787ce679a676dafc6e63c4af27bc97d8cd455387b73b89b03742fa
        platform: linux/amd64
        image-id: sha256:30f8fc5a7f151873cf9fc3c0b628ef702c69ae08e418e17440d012c088bc05d1
        compressed-size: 34.87 MiB
        labels: {}
      - digest: sha256:f3596779cc390183741447c29b16b281e21c35e9456221ebb735b51d5248cc5e
        platform: linux/arm64
        image-id: sha256:4c5d3a3cc10cee34a7300aa2eac106e8d733999d0f05bfd1bbdfb7a808bb3818
        compressed-size: 34.92 MiB
        labels: {}
  - name: avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
    digest: sha256:38cd92e53bd34757638e833d179198fc8254b8ed6156e9fc70946bd4eec4ba26
    type: image-index
    images:
      - digest: sha256:5d8dea50be787ce679a676dafc6e63c4af27bc97d8cd455387b73b89b03742fa
        platform: linux/amd64
        image-id: sha256:30f8fc5a7f151873cf9fc3c0b628ef702c69ae08e418e17440d012c088bc05d1
        compressed-size: 34.87 MiB
        labels: {}
      - digest: sha256:419bb49533b1825b2448abe8e310773f22a6158142bf570f17b8e3a07d4f82e4
        platform: linux/arm64
        image-id: sha256:924653a7208e0ff754b0416ef8bbffa229f79ed88bbb8e56fc337f51fb58c6b8
        compressed-size: 34.92 MiB
        labels: {}

Invoke the list-repositories operation

Fetch the list of available repositories from the remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/list-repositories
Response samples 
repositories:
  - avassa-public/movie-theaters-demo/kettle-popper-manager
  - avassa-public/movie-theaters-demo/curtain-controller
  - avassa-public/movie-theaters-demo/visitors-counter

Invoke the pull operation

Pull an image from this remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
all-platforms
boolean

Must have the value true.

Include all platforms that are available for this image.

image
required
string <image-string>
to
string <image-string>

Optional target repository and tag

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/pull
Request samples 
image: avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
platform: x86_64
to: avassa/kettle-popper-manager
Response samples 
name: avassa/kettle-popper-manager:latest
digest: sha256:38cd92e53bd34757638e833d179198fc8254b8ed6156e9fc70946bd4eec4ba26
tag-updated: true

Invoke the verify-credentials operation

Try to connect and authenticate with the remote registry. Returns 'success' or an error message.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
image
string <image-string>

If an image string is specified, try to authenticate and verify that that particular image is readable.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/verify-credentials
Request samples 
image: avassa-public/movie-theaters-demo/curtain-controller
Response samples 
success: true
digest: sha256:565f2b8629c3f5e6b79b78157fdb0c640e5a4fc53a43f728624be7df8831bd3e
➔ Next to Remote Registry Operations