Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Once you have created a Container Registry, you will want to create one or more tokens to provide (and control) access to your registry.
1. To create a Token for a Container Registry, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Click on the + Add in the Tokens section to create a new Token
4. Complete the following fields:
Name This is a user-visible name for the token so that it can be easily identified
Status Leave as Enabled. The token can be Disabled at a later date if required
Expiry Date (if required)
Scopes: Scopes define what actions the token has permission to perform and on which repositories. You must have at least one scope added (by clicking the Add scope button). You can have multiple scopes if the token needs different permissions per repository.
Name
List the names of the repositories to which the token will have access. *
can be used as a wildcard. *
will provide access to all repositories
Actions Select the required Actions for the token (Pull, Push and/or Delete)
Type Choose either repository or registry. Use registry to get the list of repositories in the registry. Use repository to manage the contents of the repository(s)
Click Add scope and add further scopes if needed
5. Click Save
6. You are then presented with the details of the created credential and the Docker Login command using the newly created token.
Note: This is the only time you will be able to access the password for this token. It is not possible to recover the password for a token so you must store it securely and safely.
Prerequisites: Make sure you have the appropriate permissions. Only Contract Owners, Admins or Users with the Manage Registry permission can create a Container Registry. Other user types have read-only access.
1. To create a Container Registry, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, click + Add to start creating a new container registry.
3. Provide an appropriate Name.
Note: The registry name must be globally unique across all customers. It is not possible to change the registry name later.
4. Choose the Location where you want your container registry to be run and the images to be stored.
Note: It is not possible to change the location later.
5. Click Create Registry. Your Container Registry and storage will be created.
6. Your Container Registry will be ready to use when the status is updated to "Running".
The IONOS Cloud Container Registry is a universal repository manager with a recommended service for storing and managing custom container images and other artifacts in IONOS Cloud. Deploying and pulling images can be done using the Docker CLI or added directly to a Kubernetes deployment.
The IONOS Cloud Container Registry provides users with a dedicated registry or multiple registries based on their contracts, allowing them to host their own Docker images without the need for an external provider (such as Docker Hub).
A container registry is created to store and share custom images in the same regions where you deploy them. Container Registry is a high-performance platform for storing custom image containers. It can be used as part of CI/CD workflows for container workloads.
You can order and manage the Container Registry through the API. The API will allow integration into the Data Center Designer (DCD).
The IONOS Cloud Container Registry allows you to manage compatible registries by offering the following:
An authenticated registry where OCI-compliant artifacts (including Docker container images) can be stored and retrieved.
Access via the Public Internet and secure by requiring authentication to view, push, or pull images. The Container Registry is maintained by IONOS Cloud on your behalf, which means that our experts will apply non-stop patches to the underlying infrastructure and Container Registry software.
All images stored in the container registry are encrypted at rest.
Each container registry can have many repositories.
The IONOS Cloud Container Registry specifications are as follows:
Our platform is responsible for providing the operations required to facilitate the distribution of images.
The container registry is accessible from the public internet and maximally available (High availability setup) for pushing and pulling artifacts.
The service is managed, including any components on which it is built.
The container registry supports the Docker Registry HTTP API v2, which allows it to be integrated into an automated CI/CD pipeline.
It also supports authentication tokens for use by robot accounts to be able to integrate into an automated CI/CD pipeline. You can create a one-time token to allow the CI/CD pipeline to push a new image.
You can use the registry with Docker Registry HTTP API v2 compliant tools, e.g. Docker CLI.
It is possible to use the same credentials to access all registries and repositories in the same IONOS Cloud account that the user has access to.
All data in the registry will be encrypted at rest.
The IONOS Cloud Container Registry is available in DE and FRA regions.
Lets’ check out what IONOS Container Registry brings with itself:
create a registry access token with limited or unlimited permissions
create a temporary registry access token with limited or unlimited permissions
support for docker tools
login to registry
push an image
pull an image
delete an image
The following prices apply to IONOS Cloud Container Registry:
Note: The network traffic is not charged.
There are the following few limitations when working with IONOS Container Registry APIs:
You cannot choose your own encryption keys (Trust-No-One) to use when encrypting data at rest, the Container Registry platform manages the keys.
There is no way to grant repository access permissions to push, pull and/or delete from a specific repository.
Any unauthenticated user will not be able to access the registry contents.
Each Container Registry has the option to configure the Garbage Collection schedule. By default, Garbage Collection is disabled because each customer will choose a schedule based upon their needs.
Garbage Collection frees up storage space for image layers data that are no longer referenced. This is necessary if, for example, all your images use the same base operating system image. Garbage Collection ensures that layers are not referenced by other images before deletion.
The duration of Garbage Collection will increase based on the volume of deleted repositories or tags and the total number of repositories and tags to be checked.
Note: During Garbage Collection, the container registry is read only. This is so that a complete analysis can be completed without changes being made to repositories.
1. To configure Garbage Collection for a Container Registry, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Click on the edit icon.
4. Select the day and time that you want Garbage collection to run on a weekly basis.
Note: For more granular and customised control over the Garbage Collection schedule, you can do this via the API.
Specification | Status |
---|---|
Description | Price |
---|---|
Docker Registry
Yes
Built-in CI/CD
The container registry supports the Docker Registry HTTP v2 API, allowing it to be integrated into an automated CI/CD pipeline.
Built-in OSS Vulnerability Scan
No
Price per GB per month
0.04 €
To create a container registry, you should be aware of available locations where you can create your container registry.
Note: The retrieved locations are read-only and cannot be changed.
200 OK - Successfully received the locations of a registry
Note:
Your values will differ from those in the sample code. Your response will have different locations
.
A location is identified by a combination of the following characters:
a two-character value in Id
represents a country (example: de
)
a three-character value in Id
represents a city. The locationId
is typically based on the IATA code of the city's airport (example: fra
).
Once you have fetched your required information, you can now create a new registry. For the registry, you can alter the days and time. You can also update the location based on the available container registry locations.
We assume the following prerequisites:
With the POST
request, you can create a container registry.
You can update the limit value to get specific registries based on the limit value being passed.
200 OK - Successfully showed the list of registries
Note:
Your values will differ from those in the sample code. The container registry will be created as shown in the 201 response. Your response will have a different id
, createdBy
and createdDate
.
Here, we do not get a hostname in the output because the host has not be allocated yet.
400 Bad Request - The request made is invalid or corrupted
This section shows you how to create a registry token. We assume the following prerequisite:
In this guide, we used test named repository to create registry tokens. Therefore, it is important that the you know your container registry name.
With the POST
request, you get the registry token. You will need to provide registry ID:
Note: The sample requestID
is 789f8e3c-d5c8-4359-8f85-c200fb89e97c
200 OK - Successfully showed the list of registries
Note:
Your values will differ from those in the sample code. Your response will have a different id
for your token.
Save the username and password in the reponse sample for using the Docker commands.
409 - Conflict
If you want to push your local images to docker repository, you need to login to it using:
You need to enter the following options to login:
Hostname
Username
Password
For more information, refer to the the Docker Commands.
You can push the images to your registry by providing all required information. You can query registries and look at images manifest, discover tags, delete layers and delete manifest etc. In the Docker API calls:
You can use the name of registry
Authenticate the API calls with a token
To know more, explore the Docker Documentation. On the other hand, DCD uses an easy to opt passthrough feature which as discussed uses Basic Auth feature, so you dont need to use a separate authentication method for Data Center Designer (DCD).
The IONOS Cloud Container Registry service allows you to manage Docker and OCI compatible registries for use by your managed Kubernetes clusters. Use a container registry to make sure you have a private registry to effectively support pulling images.
Endpoint: https://api.ionos.com/containerregistries
To make authenticated requests to the API, you must include a few fields in the request headers. Please find relevant descriptions below:
We use curl
in our examples, as this tool is available on Windows 10, Linux and macOS. Please refer to our blogpost about curl
on Windows if you encounter any problems:
Once you have all the information about the available locations, you can check out the name of existing registries. The name you choose should be available and must not be already in use.
Note:
Your chosen name must be available for the registry.
All registry names must be unique.
Make sure the name is suitable for use in the new registry: it only uses the characters "a-z", "0-9" or "-", starts with a letter and ends with a letter or number, and can be from 3 to 63 characters long and is accessible.
You can retrieve all the existing registries to check out the available names.
You can update the limit value to get specific registries.
Field | Type | Description | Example |
---|---|---|---|
200 OK - Successfully showed the list of registries
Note: Your values will differ from those in the sample code. Your response will have a different id
and existing registries
.
You can get the information for a particular container registry. At this point, a hostname will be allocated to your registry. The registry hostname becomes a part of your image or your manifest or the repository name.
With the GET
request, you can fetch the registry information by ID. The registryId
must be provided. You can get it through GET Registries API call.
Note: The sample requestID
is 789f8e3c-d5c8-4359-8f85-c200fb89e97c
Field | Type | Description | Example |
---|---|---|---|
200 OK - Successful operation
Note:
Your values will differ from those in the sample code. Your response will have a different id
and a hostname
.
Save the hostname in the reponse sample for using the Docker commands.
400 Bad Request - The request made is invalid or corrupted
404 Not Found - The server did not find anything matching the request
Once you have created a repository using the and performed all operations you can delete the repository completely. Since does not allow to delete the entire repository, you can use IONOS Container Registry's API call for deleting the repository.
To delete your repository, the registryId and repository name for the repository to be deleted must be provided.
You can get registryId
through .
Delete the repository using the following curl
command:
Note: The sample requestID
is a8fb592e4-494c-11ed-b878-0242ac120002 and the sample registry_name
is test
Field | Type | Description | Example |
---|
204 - No Content
The request was successfully fulfilled and there is no content in the body.
To delete your container registry, destroying all container image data stored in it. The registryId
must be provided. You can get it through .
Delete the registry using the following curl
command:
Note: The sample requestID
is 789f8e3c-d5c8-4359-8f85-c200fb89e97c
Field | Type | Description | Example |
---|
204 - No Content
The request was successfully fulfilled and there is no content in the body.
404 Bad Request - Not Found
This way you can delete the registry completely.
IONOS Cloud Container Registry is a managed service that provides users with a dedicated Docker registry or multiple registries as part of their contract. This enables them to host their own Docker images without the need for an external provider (such as Docker Hub).
Refer to the workflow.
IONOS Container Registry is private and requires authentication to access it. It resides in the same infrastructure as your other IONOS Cloud infrastructure. Any unauthenticated user will not be able to access the registry contents. IONOS Container Registry software ensures that everything being used is up-to-date and resilient. You don't need to use mK8s capacity to run and manage your Container Registry.
Refer to the workflow.
Refer to the and go to the documentation.
The following are a few limitations of the IONOS Container Registry:
You cannot choose your encryption keys (Trust-No-One) when encrypting data at rest; the Container Registry platform manages the keys.
There is no way to grant repository access permissions to push, pull and/or delete from a specific repository.
There is no security scanning service so that you can receive feedback when the artifacts are exposed to a security risk.
An unauthenticated user will not be able to access the registry contents.
To have a registry, you need authentication and authorization, and the registry's contents must not be accessible to unauthenticated users.
All container registries are available on the public internet but cannot be accessed without a token with the correct rights.
To delete your token, the registryId
and tokenId
to be deleted must be provided.
You can get registryId through and .
Delete the information about the token using the following curl
command:
Note: The sample requestID
is 779f8e3c-d5c8-4359-8f85-c200fb89e97c and the sample tokenID
is 4b120b87-91ab-4ec2-8952-cc771a37bd08
Field | Type | Description | Example |
---|
204 - No Content
The action was successful and the response body is empty.
400 Bad Request - The request made is invalid or corrupted
404 Bad Request - Not Found
This way you can delete a particular token.
Field | Type | Description | Example |
---|---|---|---|
Field | Type | Description | Example |
---|---|---|---|
Field | Type | Description | Example |
---|---|---|---|
Field | Type | Description | Example |
---|---|---|---|
Header | Required | Type | Description |
---|---|---|---|
Field | Type | Description | Example |
---|---|---|---|
Field | Type | Description | Example |
---|---|---|---|
Authorization
yes
string
HTTP Basic authorization. A base64 encoded string of a username and password separated by a colon. username@domain.tld:password
X-Contract-Number
no
integer
Users with more than one contract may apply this header to indicate the applicable contract.
Content-Type
yes
string
Set this to application/json
.
id
string
The id of the object that has been retrieved.
locations
type
string
The type of the resource that has been retrieved.
collection
ref
URL (string)
URL to the object representation (absolute path)
https://api.ionos.com/cloudapi/v6/locations
items
array
The location of the container registry
"id": "de/fra"
limit
integer
The limit of the registries that have been retrieved
5
limit
number
The output value if specified in the request.
5
id
string
The ID of the fetched output.
locations
type
string
The type of the resource that has been retrieved.
collection
href
URL (string)
URL to the object representation (absolute path).
https://api.ionos.com/cloudapi/v6/locations
createdBy
string
The ID of the user or service account that initiated the operation.
samplel@ionos.com
createdByUserId
string
The email ID of the user or service account that initiated the operation.
7ee77dcf-093f-48e6-9a14-161c73568589
location
string
The location of the resource.
es/vit
days
array
The days of the week selected.
Monday
days
array
The days of the week selected.
Monday
time
string
The timestamp of creation of the registry
19:30:00+00:00
location
string
The location of the resource.
de/fra
name
string
The name of the registry. It must be unique within the folder.
Demo
days
array
The days of the week selected.
Monday
id
string
The ID of fetched output.
locations
type
string
The type of resource.
registry
createdBy
string
ID of the user or service account that initiated the operation.
sample@ionos.com
createdDate
string
The date when the operation was initiated.
h2022-10-07T14:30:06Z
days
array
The days of the week selected.
Sunday, Saturday
registryId
string
The ID of the registry to return. This is required.
789f8e3c-d5c8-4359-8f85-c200fb89e97
createdBy
string
The user who created the token.
sample@test.com
type
string
The type of resource.
registry
createdByUserId
string
The ID of the user or service account that initiated the operation.
8fb59000-494c-11ed-0242ac120002
createdDate
string
The date when the operation was initiated.
2022-10-07T14:30:06Z
state
string
The status of the registry.
Running
hostname
string
The allocated hostname for the particular registry.
demo.cr.de-fra.test.com
id
string
The id of the created token.
8fb592e4-494c-11ed-b878-0242ac120002
createdBy
string
The user who created the token.
sample@sample.com
createdByUserId
string
The ID of the user or service account that initiated the operation.
8fb59000-494c-11ed-0242ac120002
state
string
The status of the registry.
Running
hostname
string
The allocated hostname for the particular registry.
demo.cr.de-fra.test.com
registryId | string | The ID of the registry to return. This is required. |
|
repository_name | string | The name of the registry. It must be unique within the folder. |
|
registryId | string | The ID of the registry to be deleted. It is a required field. |
|
registryId | string | The ID of the registry to be deleted. |
|
tokenId | string | TThe associated ID of the token to be deleted. |
|