Docker Registry V2 API

You can run Docker API commands. IBM® Cloud Private Version 3.1.0 uses a Docker distribution that implements the Docker Registry V2 API spec to manage the storage of Docker images.

Both super and team administrators can access the Docker Registry API. However, team administrators can access only resources that belong to their namespace. Super administrators can access all resources in the cluster.

For details about the Docker Registry V2 API, refer to the official documentation:

• Docker Registry HTTP API V2
• Docker Registry v2 authentication via central service

Running Docker API commands

When you run a Docker API command, you must obtain an authentication certificate from a cluster node and specify the authentication token.

You must copy the /etc/docker/certs.d/<cluster_CA_domain>:8500/ca.crt file, the authentication certificate, from a cluster node to the node that runs the API commands.

You can store the authentication token in the ID_TOKEN variable by running the following commands:

export CMD=`curl --cacert /<certificate_path>/ca.crt -s -u admin:admin "https://<cluster_CA_domain>:8443/image-manager/api/v1/auth/token?service=token-service&scope=registry:catalog:*"`

export ID_TOKEN=$(echo $CMD | python -c 'import sys,json; print json.load(sys.stdin)["token"]')

echo $ID_TOKEN

Then you can use the authentication token in your REST commands. For example, to get a list of images from Docker Registry, run the following command:

curl --cacert /<certificate_path>/ca.crt -s -H "Authorization: Bearer $ID_TOKEN" "https://<cluster_CA_domain>:8500/v2/_catalog"

In this command, $ID_TOKEN is the variable that stores the authentication cookie for your cluster.

The output resembles the following code:

{"repositories":[]}