Docker Registry V2 API

You can run Docker API commands. IBM Cloud Pak® for Multicloud Management version 2.3.1 uses a Docker distribution that implements the Docker Registry V2 API spec to manage the storage of Docker images.

Both cluster administrator and administrator can access the Docker Registry API. However, administrators can access only resources that belong to their namespace. Cluster administrators can access all resources in the cluster.

For details about the Docker Registry V2 API, refer to the official documentation:

• Docker Registry HTTP API V2
• Docker Registry v2 authentication via central service

Running Docker API commands

When you run a Docker API command, you must obtain an authentication certificate from a cluster node and specify the authentication token.

You must copy the /etc/docker/certs.d/<Cluster Master Host>:8500/ca.crt file, the authentication certificate, from a cluster node to the node that runs the API commands.

<Cluster Master Host>:<Cluster Master API Port> are used to access the APIs. The parameters are defined in Master endpoints.

You can store the authentication token in the ID_TOKEN variable by running the following commands:

export CMD=`curl --cacert /<certificate_path>/ca.crt -s -u admin:admin "https://<Cluster Master Host>:<Cluster Master API Port>/image-manager/api/v1/auth/token?service=token-service&scope=registry:catalog:*"`

export ID_TOKEN=$(echo $CMD | python -c 'import sys,json; print json.load(sys.stdin)["token"]')

echo $ID_TOKEN

Then you can use the authentication token in your REST commands. For example, to get a list of images from Docker Registry, run the following command:

curl --cacert /<certificate_path>/ca.crt -s -H "Authorization: Bearer $ID_TOKEN" "https://<Cluster Master Host>:8500/v2/_catalog"

In this command, $ID_TOKEN is the variable that stores the authentication cookie for your cluster.

The output resembles the following code:

{"repositories":[]}