The image manager

The image manager is a layer that runs over the Docker registry V2 API. The image manager provides management functions and authorization for image repositories that the Docker registry stores.

Image manager architecture

The image manager integrates with the Docker registry to provide a local registry service that functions in the same way as the cloud-based registry service in Docker Hub. Unlike Docker Hub, the local registry restricts which users can view or pull images. It also maintains the push restrictions that Docker Hub enforces.

You can add Docker images to the IBM Cloud Private cluster image registry by using Docker command line operations. For more information about Docker, see Get Started, Part 1: Orientation and setup on the Docker docs page.

You can use the Docker client to push or pull images in your cluster. The image manager then uses the cluster's authentication service to obtain the credentials of the logged-in user and to grant that user access to the images.

Images that are added to the image registry are owned by namespaces. All the users within a namespace are owners of the images. An owner can remove or update the images from the cluster management console. Super administrators have full access to all images in the cluster. Owners can also update the scope of an image. Setting the scope can restrict an image to a specific namespace or allow the image to be accessible by all namespaces.
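The ownership and scope rules above can be modeled as a small access check. The following is an added example, not IBM Cloud Private code: the scope values "namespace" and "global", the User and Image types, and all sample users and images are assumptions constructed for illustration. It also reports which users can pull an image only because its scope is global, which is the setting worth reviewing.

```python
from dataclasses import dataclass

# Assumed names for the two scope settings the page describes.
SCOPE_NAMESPACE = "namespace"
SCOPE_GLOBAL = "global"

@dataclass(frozen=True)
class User:
    name: str
    namespaces: frozenset        # namespaces the user belongs to
    super_admin: bool = False

@dataclass(frozen=True)
class Image:
    name: str
    owner_namespace: str         # namespace that owns the image
    scope: str = SCOPE_NAMESPACE

def is_owner(user, image):
    # All users within the owning namespace are owners of the image.
    return image.owner_namespace in user.namespaces

def can_pull(user, image):
    if user.super_admin or is_owner(user, image):
        return True
    # Fail closed: only an exact "global" scope opens the image to others.
    return image.scope == SCOPE_GLOBAL

def can_modify(user, image):
    # Update, remove, or change scope: owners and super administrators only.
    return user.super_admin or is_owner(user, image)

def exposure_report(users, images):
    """Return (image, user) pairs where pull access exists only via global scope."""
    return [(i.name, u.name) for i in images for u in users
            if can_pull(u, i) and not can_modify(u, i)]

# Constructed sample data.
USERS = [User("alice", frozenset({"team-a"})),
         User("bob", frozenset({"team-b"})),
         User("admin", frozenset(), super_admin=True)]
IMAGES = [Image("team-a/payments", "team-a"),
          Image("team-a/base-os", "team-a", SCOPE_GLOBAL),
          Image("team-b/legacy", "team-b", "Global")]  # unrecognized scope value

if __name__ == "__main__":
    for image_name, user_name in exposure_report(USERS, IMAGES):
        print(f"{user_name} can pull {image_name} through global scope only")
```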

The management console allows you to view all images that are available to you. Click the image name to view additional information. After you install the Vulnerability Advisor, the image page displays the scan status for all images in the image registry.

To remove or update images that are inside the private image registry, you must use the image management API. For more information, see Image management API.