Managing Container Images

With orcharhino, you can import container images from various sources and distribute them to external containers using Content Views.

Importing Container Images

You can import container image repositories from any container image registry.

This procedure uses repository discovery to find container images and import them as repositories. For more information about creating a product and repository manually, see Importing Content.

To use the CLI instead of the orcharhino management UI, see the CLI procedure.

Procedure
  1. In the orcharhino management UI, navigate to Content > Products and click Repo Discovery.

  2. From the Repository Type list, select Container Images.

  3. In the Registry to Discover field, enter the URL of the registry to import images from.

  4. In the Registry Username field, enter the name that corresponds with your user name for the container image registry.

  5. In the Registry Password field, enter the password that corresponds with the user name that you enter.

  6. In the Registry Search Parameter field, enter any search criteria that you want to use to filter your search, and then click Discover.

  7. Optional: To further refine the Discovered Repository list, in the Filter field, enter any additional search criteria that you want to use.

  8. From the Discovered Repository list, select any repositories that you want to import, and then click Create Selected.

  9. Optional: To change the download policy for this docker repository to on demand, see changing the download policy for a repository.

  10. Optional: If you want to create a product, from the Product list, select New Product.

  11. In the Name field, enter a product name.

  12. Optional: In the Repository Name and Repository Label columns, you can edit the repository names and labels.

  13. Click Run Repository Creation.

  14. When repository creation is complete, you can click each new repository to view more information.

  15. Optional: To filter the content you import to a repository, click a repository, and then navigate to Limit Sync Tags. Click to edit, and add any tags that you want to limit the content that synchronizes to orcharhino.

  16. In the orcharhino management UI, navigate to Content > Products and select the name of your product.

  17. Select the new repositories and then click Sync Now to start the synchronization process.

To view the progress of the synchronization, navigate to Content > Sync Status and expand the repository tree.

When the synchronization completes, you can click Container Image Manifests to list the available manifests. From the list, you can also remove any manifests that you do not require.

CLI procedure
  1. Create the custom Rocky Linux Container Images product:

    # hammer product create \
    --description "My_Description" \
    --name "Rocky Linux Container Images" \
    --organization "My_Organization" \
    --sync-plan "My_Sync_Plan"
  2. Create the repository for the container images:

    # hammer repository create \
    --content-type "docker" \
    --docker-upstream-name "rockylinux/rockylinux" \
    --name "Rocky Linux" \
    --organization "My_Organization" \
    --product "Rocky Linux Container Images" \
    --url "https://quay.io"
  3. Synchronize the repository:

    # hammer repository synchronize \
    --name "Rocky Linux" \
    --organization "My_Organization" \
    --product "Rocky Linux Container Images"

Managing Container Name Patterns

When you use orcharhino to create and manage your containers, as the container moves through Content View versions and different stages of the orcharhino lifecycle environment, the container name changes at each stage. For example, if you synchronize a container image with the name ssh from an upstream repository, when you add it to a orcharhino product and organization and then publish as part of a Content View, the container image can have the following name: my_organization_production-custom_spin-my_product-custom_ssh. This can create problems when you want to pull a container image because container registries can contain only one instance of a container name. To avoid problems with orcharhino naming conventions, you can set a registry name pattern to override the default name to ensure that your container name is clear for future use.

Limitations

If you use a registry name pattern to manage container naming conventions, because registry naming patterns must generate globally unique names, you might experience naming conflict problems. For example:

  • If you set the repository.docker_upstream_name registry name pattern, you cannot publish or promote Content Views with container content with identical repository names to the Production lifecycle.

  • If you set the lifecycle_environment.name registry name pattern, this can prevent the creation of a second container repository with the identical name.

You must proceed with caution when defining registry naming patterns for your containers.

Procedure

To manage container naming with a registry name pattern, complete the following steps:

  1. In the orcharhino management UI, navigate to Content > Lifecycle Environments, and either create a lifecycle environment or select a lifecycle environment to edit.

  2. In the Container Image Registry area, click the edit icon to the right of Registry Name Pattern area.

  3. Use the list of variables and examples to determine which registry name pattern you require.

  4. In the Registry Name Pattern field, enter the registry name pattern that you want to use. For example, to use the repository.docker_upstream_name:

    <%= repository.docker_upstream_name %>
  5. Click Save.

Managing Container Registry Authentication

You can manage the authentication settings for accessing containers images from orcharhino. By default, users must authenticate to access containers images in orcharhino.

You can specify whether you want users to authenticate to access container images in orcharhino in a lifecycle environment. For example, you might want to permit users to access container images from the Production lifecycle without any authentication requirement and restrict access the Development and QA environments to authenticated users.

Procedure
  1. In the orcharhino management UI, navigate to Content > Lifecycle Environments.

  2. Select the lifecycle environment that you want to manage authentication for.

  3. To permit unauthenticated access to the containers in this lifecycle environment, select the Unauthenticated Pull checkbox. To restrict unauthenticated access, clear the Unauthenticated Pull checkbox.

  4. Click Save.

Using Container Registries

Podman and Docker can be used to fetch content from container registries.

Procedure

Logging in to the container registry:

# podman login orcharhino.example.com

Listing container images:

# podman search orcharhino.example.com/

Pulling container images:

# podman pull orcharhino.example.com/my-image:<optional_tag>

The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution–Share Alike 3.0 Unported ("CC-BY-SA") license. This page also contains text from the official Foreman documentation which uses the same license ("CC-BY-SA").