OCI Container Registry (OCIR)
Open Container Initiative compliant registry
Reliable Container App Deployment
simplifies development-to-production workflow
easy to store/share/manage docker images
private/public docker repositories
IAM Integration
Easy auth with native OCI identity
Central registry for container images in tenancy region
Built with OCI Object Storage
Integration with OKE (Container Engine for Kubernetes)
Access to OCIR
User name for tenancy
Generate OCI auth token
set up IAM policy grants
inspect (view)
read (pull)
use (push)
manage (manage)
Open Container Initiative
OCIR = OCI Runtime
runtime spec
how to run file sys bundle
image spec
image
downloaded by OCI impl
unpacked as file sys bundle
has info to launch app as a container
on specified platform
image manifest: has metadata
image config: has app args and envs
OCI image = manifest + config + 1* layers
pushed into a Container registry
file system bundle
run by the OCI Runtime
Repositories
a Tenancy has 1* Regions
a Region has 1* Compartments
a Compartment has 1* Repositories
a Repository has 1* Images
Images are identified by repository name + tag
Registry and Repository Best Practices
Network-close deployment
Create repositories in separate compartments
delete unused image data
limit public repositories
OCI Client/Rest API
delete image
restore (deleted image up to 48h)
sign images for security
OCI Images
Push/Pull
Docker CLI
Create auth token for user + copy it
log into OCIR with auth token (as pwd)
find image in repository to push to OCIR
$docker images + find image id
determine tag for copy of image
$docker push
$docker pull
FN Project CLI
fn deploy: auto push images
fn invoke: pushes function to OCIR, auto pulls when function used first time
Retention Policies
Auto Deletion:
No Pull for some days
not tagged for some days
not been given certain exemption
Docker Tags
Security Vulnerability Scan
Add scanner to 1* repositories
Scans for vulnerabilities published in the CVE DB
Results retained for 13 months
Can be automated with CI / CD tools
Signing
verifies image source & integrity
uses a master encryption key from OCI vault
signature can be verified when pulling image