Powered by Redocly

Remote Registries

A list of remote registries used when fetching application images. By adding an entry here, and adding credentials to Strongbox it is possible to fetch images from an authenticated registry.

Create a new remote registry

SecurityaccessToken
Request
query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

post/v1/config/image-registry/remote-registries
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of all remote registries

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/image-registry/remote-registries
Response samples 
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c

Update a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

patch/v1/config/image-registry/remote-registries/{remote-registry-address}
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Delete a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

delete/v1/config/image-registry/remote-registries/{remote-registry-address}

Replace or create a new remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example if it is using a self-signed certificate) add its CA cert or the cert itself here.

Array of objects

Credentials to use when connecting to this registry. When the credentials should be used for all repositories in this registry, set the repository to *. In order to only use credentials for a specific repository, or set of repositories their name can be set here, and the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. But not for example for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However for avassa-public/digital-assets-manager secret c would be used. And for redis secret a would be used.

Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

put/v1/config/image-registry/remote-registries/{remote-registry-address}
Request samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/image-registry/remote-registries/{remote-registry-address}
Response samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the state of all remote registries

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/image-registry/remote-registries
Response samples 
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c

Retrieve the state of a remote registry

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/image-registry/remote-registries/{remote-registry-address}
Response samples 
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Invoke the list-images operation

Fetch the list of available images from the remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
tag
string <tag> ^[a-zA-Z0-9_][a-zA-Z0-9_.-]*$

Only fetch the images with this tag.

repository
required
string <repository-string>
brief
boolean

Must have the value true.

digest-length
string or integer <enumeration | uint8>
Default: "full"
  • enumeration: - full - short
  • uint8
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/list-images
Request samples 
repository: avassa-public/movie-theaters-demo/kettle-popper-manager
tags:
  - latest
  - v1.0
digest-length: full
Response samples 
images:
  - name: registry.gitlab.com/avassa-public/movie-theaters-demo/kettle-popper-manager:latest
    digest: sha256:27ca0299125baf78014065152a1bd786573e309f15ae3dea9727239966ee0f4e
    image-index:
      media-type: application/vnd.oci.image.index.v1+json
      annotations: {}
      manifests:
        - digest: sha256:40356c753dbef81b769a59564a7aecae47fe9aaf25ac38e484189f83c3ddb6b0
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: linux/amd64
          annotations: {}
        - digest: sha256:f26a93437cc3e662fc3cc3ee598e38dd765a56f1970956f963f74ddd4443c6ec
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: unknown/unknown
          annotations:
            vnd.docker.reference.type: attestation-manifest
            vnd.docker.reference.digest: sha256:40356c753dbef81b769a59564a7aecae47fe9aaf25ac38e484189f83c3ddb6b0
        - digest: sha256:6fda815f671babdff2629fefb9c4cde1238e39530b838b03a1bf242fe1fa4b59
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: linux/arm64
          annotations: {}
        - digest: sha256:3a417f1a4e7509393792ed8676bb47f6fe4fb95dceb6e55fdac56f8a835e9b91
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: unknown/unknown
          annotations:
            vnd.docker.reference.type: attestation-manifest
            vnd.docker.reference.digest: sha256:6fda815f671babdff2629fefb9c4cde1238e39530b838b03a1bf242fe1fa4b59
  - name: registry.gitlab.com/avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
    digest: sha256:dadd899f7fe436b604183cbe0cc69d2144eea14a3050aff59c6a596d09a2cca7
    image-index:
      media-type: application/vnd.oci.image.index.v1+json
      annotations: {}
      manifests:
        - digest: sha256:66d89ad90c22706d7a7d9bb94f094239ce91157793bb0ec7d606ca732118a902
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: linux/amd64
          annotations: {}
        - digest: sha256:e25f813685e4ce58d81dba1db905bc76f6c4da877c0baa094a03766ab650bbf2
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: linux/arm64
          annotations: {}
        - digest: sha256:eab51c73922605a50430720e7b9b6eb0ab4225fd77cda474ccd84b38866cd35d
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: unknown/unknown
          annotations:
            vnd.docker.reference.type: attestation-manifest
            vnd.docker.reference.digest: sha256:66d89ad90c22706d7a7d9bb94f094239ce91157793bb0ec7d606ca732118a902
        - digest: sha256:9cd226818a10503d97068514672e9af0aa91e9c26d3c8c4f494b61ab98c0dab7
          media-type: application/vnd.oci.image.manifest.v1+json
          platform: unknown/unknown
          annotations:
            vnd.docker.reference.type: attestation-manifest
            vnd.docker.reference.digest: sha256:e25f813685e4ce58d81dba1db905bc76f6c4da877c0baa094a03766ab650bbf2

Invoke the list-repositories operation

Fetch the list of available repositories from the remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/list-repositories
Response samples 
repositories:
  - avassa-public/movie-theaters-demo/kettle-popper-manager
  - avassa-public/movie-theaters-demo/curtain-controller
  - avassa-public/movie-theaters-demo/visitors-counter

Invoke the pull operation

Pull an image from this remote registry.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
all-platforms
boolean

Must have the value true.

Include all platforms that are available for this image.

image
required
string <image-string>
to
string <image-string>

Optional target repository and tag

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/pull
Request samples 
image: avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
platform: x86_64
to: avassa/kettle-popper-manager
Response samples 
name: avassa/kettle-popper-manager:latest
digest: sha256:38cd92e53bd34757638e833d179198fc8254b8ed6156e9fc70946bd4eec4ba26
tag-updated: true

Invoke the verify-credentials operation

Try to connect and authenticate with the remote registry. Returns 'success' or an error message.

SecurityaccessToken
Request
path Parameters
remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
image
string <image-string>

If an image string is specified, try to authenticate and verify that that particular image is readable.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/image-registry/remote-registries/{remote-registry-address}/verify-credentials
Request samples 
image: avassa-public/movie-theaters-demo/curtain-controller
Response samples 
success: true
digest: sha256:565f2b8629c3f5e6b79b78157fdb0c640e5a4fc53a43f728624be7df8831bd3e
➔ Next to Remote Registry Operations