Subtenant Remote Registries

A list of remote registries used when fetching application images. Adding an entry here and adding credentials to Strongbox makes it possible to fetch images from an authenticated registry.

Create a new remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default, the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example, if it is using a self-signed certificate), add its CA cert or the cert itself here.

credentials
Array of objects

Credentials to use when connecting to this registry. To use the credentials for all repositories in this registry, set the repository to *. To use credentials only for a specific repository or set of repositories, set their name here; the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations, but not, for example, for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However, for avassa-public/digital-assets-manager, secret c would be used, and for redis, secret a would be used.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

POST /v1/config/tenants/{tenant-name}/image-registry/remote-registries
Request samples
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of all remote registries

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

GET /v1/config/tenants/{tenant-name}/image-registry/remote-registries
Response samples
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c
  

Update a remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default, the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example, if it is using a self-signed certificate), add its CA cert or the cert itself here.

credentials
Array of objects

Credentials to use when connecting to this registry. To use the credentials for all repositories in this registry, set the repository to *. To use credentials only for a specific repository or set of repositories, set their name here; the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations, but not, for example, for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However, for avassa-public/digital-assets-manager, secret c would be used, and for redis, secret a would be used.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

PATCH /v1/config/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}
Request samples
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Delete a remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

DELETE /v1/config/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}

Replace or create a new remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
address
required
string <registry-address>

The address of the remote registry.

override-address
string <registry-address>

When override-address is set, that will be used instead of address.

ca-cert
string <ca-cert>

One or more root certificates in PEM format.

By default, the system root CA certs will be used to verify the remote registry. If the remote registry does not have an official certificate (for example, if it is using a self-signed certificate), add its CA cert or the cert itself here.

credentials
Array of objects

Credentials to use when connecting to this registry. To use the credentials for all repositories in this registry, set the repository to *. To use credentials only for a specific repository or set of repositories, set their name here; the longest matching repository name will be chosen. For example, if you have

repository: avassa-public

it will be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations, but not, for example, for redis.

- repository: "*"
  vault: myvault
  secret: a
- repository: avassa-public
  vault: myvault
  secret: b
- repository: avassa-public/digital-assets-manager
  vault: myvault
  secret: c

With the above example, secret b would be used for avassa-public/kettle-popper-manager as well as avassa-public/projector-operations. However, for avassa-public/digital-assets-manager, secret c would be used, and for redis, secret a would be used.
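
The selection rule described for the credentials list in the create, update and replace request bodies, as an added Python example (not the product's own code) that can be used to review which secret a given pull would present. The function names are hypothetical, and matching on "/" boundaries is an assumption; the page only states that the longest matching repository name is chosen.

```python
"""Added example: resolve which credentials entry applies to a repository."""
from typing import Optional

# Constructed sample mirroring the credentials list shown on this page.
CREDENTIALS = [
    {"repository": "*", "vault": "myvault", "secret": "a"},
    {"repository": "avassa-public", "vault": "myvault", "secret": "b"},
    {"repository": "avassa-public/digital-assets-manager",
     "vault": "myvault", "secret": "c"},
]


def matches(pattern: str, repository: str) -> bool:
    """True if a credentials entry's repository covers `repository`.

    Assumption: a name matches itself and anything below it on a "/"
    boundary, so "avassa-public" does not cover "avassa-public-mirror/x".
    """
    if pattern == "*":
        return True
    return repository == pattern or repository.startswith(pattern + "/")


def select_credentials(credentials: list, repository: str) -> Optional[dict]:
    """Return the longest matching entry, or None if nothing matches."""
    candidates = [c for c in credentials if matches(c["repository"], repository)]
    if not candidates:
        return None
    # "*" is the catch-all, so it ranks below every explicit name.
    return max(candidates,
               key=lambda c: -1 if c["repository"] == "*" else len(c["repository"]))


def audit(credentials: list, repositories: list) -> dict:
    """Map each repository to (secret, via_wildcard) for review.

    via_wildcard=True marks pulls that would present the registry-wide
    secret; None means no entry matches.
    """
    report = {}
    for repo in repositories:
        entry = select_credentials(credentials, repo)
        report[repo] = None if entry is None else (
            entry["secret"], entry["repository"] == "*")
    return report


if __name__ == "__main__":
    for repo, result in audit(CREDENTIALS, [
        "avassa-public/kettle-popper-manager",
        "avassa-public/digital-assets-manager",
        "redis",
    ]).items():
        print(f"{repo}: {result}")
```

Repositories that resolve through the `*` entry receive the registry-wide secret, so the audit output is a quick way to spot credentials that are scoped more broadly than intended.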

Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

PUT /v1/config/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}
Request samples
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the configuration of a remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

GET /v1/config/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}
Response samples
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Retrieve the state of all remote registries

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specified site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

GET /v1/state/tenants/{tenant-name}/image-registry/remote-registries
Response samples
- address: registry.example.com
  override-address: registry.example.com:6000
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
    XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
    WqxB6A==
    -----END CERTIFICATE-----
  credentials:
    - repository: "*"
      vault: myvault
      secret: a
    - repository: avassa-public
      vault: myvault
      secret: b
    - repository: avassa-public/digital-assets-manager
      vault: myvault
      secret: c
  

Retrieve the state of a remote registry

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specified site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

GET /v1/state/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}
Response samples
address: registry.example.com
override-address: registry.example.com:6000
ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIFcDCCA1igAwIBAgIUIPuDwU8c4lqnTlPNHmDlqsw7b8QwDQYJKoZIhvcNAQEL
  XiMeFT5d7CImdCSZxjzfBGoLNEkOpU6F799icb3VX2URbzfPuSKVp3umsdT8gx4s
  WqxB6A==
  -----END CERTIFICATE-----
credentials:
  - repository: "*"
    vault: myvault
    secret: a
  - repository: avassa-public
    vault: myvault
    secret: b
  - repository: avassa-public/digital-assets-manager
    vault: myvault
    secret: c

Invoke the list-images operation

Fetch the list of available images from the remote registry.

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
tag
string <tag> ^[a-zA-Z0-9_][a-zA-Z0-9_.-]*$

Only fetch the images with this tag.

repository
required
string <repository-string>
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}/list-images
Request samples
repository: avassa-public/movie-theaters-demo/kettle-popper-manager
tags:
  - latest
  - v1.0
Response samples
images:
  - name: avassa-public/movie-theaters-demo/kettle-popper-manager:latest
    digest: sha256:d0a38dc334e40c3a3812f1d36f6568d1cbef29ae294ab6d36cb36983b1233f18
    type: image-index
    images:
      - digest: sha256:5d8dea50be787ce679a676dafc6e63c4af27bc97d8cd455387b73b89b03742fa
        platform: linux/amd64
        image-id: sha256:30f8fc5a7f151873cf9fc3c0b628ef702c69ae08e418e17440d012c088bc05d1
        compressed-size: 34.87 MiB
        labels: {}
      - digest: sha256:f3596779cc390183741447c29b16b281e21c35e9456221ebb735b51d5248cc5e
        platform: linux/arm64
        image-id: sha256:4c5d3a3cc10cee34a7300aa2eac106e8d733999d0f05bfd1bbdfb7a808bb3818
        compressed-size: 34.92 MiB
        labels: {}
  - name: avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
    digest: sha256:38cd92e53bd34757638e833d179198fc8254b8ed6156e9fc70946bd4eec4ba26
    type: image-index
    images:
      - digest: sha256:5d8dea50be787ce679a676dafc6e63c4af27bc97d8cd455387b73b89b03742fa
        platform: linux/amd64
        image-id: sha256:30f8fc5a7f151873cf9fc3c0b628ef702c69ae08e418e17440d012c088bc05d1
        compressed-size: 34.87 MiB
        labels: {}
      - digest: sha256:419bb49533b1825b2448abe8e310773f22a6158142bf570f17b8e3a07d4f82e4
        platform: linux/arm64
        image-id: sha256:924653a7208e0ff754b0416ef8bbffa229f79ed88bbb8e56fc337f51fb58c6b8
        compressed-size: 34.92 MiB
        labels: {}

Invoke the list-repositories operation

Fetch the list of available repositories from the remote registry.

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}/list-repositories
Response samples
repositories:
  - avassa-public/movie-theaters-demo/kettle-popper-manager
  - avassa-public/movie-theaters-demo/curtain-controller
  - avassa-public/movie-theaters-demo/visitors-counter

Invoke the pull operation

Pull an image from this remote registry.

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
One of:
all-platforms
boolean

Must have the value true.

Include all platforms that are available for this image.

image
required
string <image-string>
to
string <image-string>

Optional target repository and tag

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}/pull
Request samples
image: avassa-public/movie-theaters-demo/kettle-popper-manager:v1.0
platform: x86_64
to: avassa/kettle-popper-manager
Response samples
name: avassa/kettle-popper-manager:latest
digest: sha256:38cd92e53bd34757638e833d179198fc8254b8ed6156e9fc70946bd4eec4ba26
tag-updated: true

Invoke the verify-credentials operation

Try to connect and authenticate with the remote registry. Returns 'success' or an error message.

Security: accessToken
Request
path Parameters
tenant-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of tenant

remote-registry-address
required
string <registry-address>

The address of the remote registry.

Request Body schema:
image
string <image-string>

If an image string is specified, try to authenticate and verify that that particular image is readable.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/tenants/{tenant-name}/image-registry/remote-registries/{remote-registry-address}/verify-credentials
Request samples
image: avassa-public/movie-theaters-demo/curtain-controller
Response samples
success: true
digest: sha256:565f2b8629c3f5e6b79b78157fdb0c640e5a4fc53a43f728624be7df8831bd3e