root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity
buildah/docs/buildah-push.1.md

168 lines
6.8 KiB
Markdown
Raw Permalink Normal View History

add --sign-by to bud/commit/push, --remove-signatures for pull/push Add the --sign-by option to `buildah build-using-dockerfile`, `buildah commit`, `buildah push`, and `buildah manifest push`. Add the `--remove-signatures` option to `buildah pull`, `buildah push`, and `buildah manifest push`. We just pass them to the image library, which does all of the heavy lifting. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2085 Approved by: rhatdan
2020-01-16 01:23:38 +08:00
# buildah-push "1" "June 2017" "buildah"
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## NAME
Make buildah push support pushing manifests lists and digests Currently manifests just look like images in container storage. It is surprising to the user when they go to push the images that they end up failing, and have to use the buildah manifest push. This patch causes buildah push to failover to buildah manifest push if the image is a manifest. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-08 00:43:28 +08:00
buildah\-push - Push an image, manifest list or image index from local storage to elsewhere.
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## SYNOPSIS
docs: Follow man-pages(7) suggestions for SYNOPSIS man-pages(7) has [1]: > For commands, this shows the syntax of the command and its arguments > (including options); boldface is used for as-is text and italics are > used to indicate replaceable arguments. Brackets ([]) surround > optional arguments, vertical bars (|) separate choices, and ellipses > (...) can be repeated. I've adjusted our SYNOPSIS entries to match that formatting, and generally tried to make them more consistent with the precedent set by the man-pages project. Outside of the SYNOPSIS entry, I prefer using backticks for literals, although in some places I've left the ** bolding to keep things visually similar to a nearby SYNOPSIS entry. I've also simplified a few placeholders, e.g. "containerID" -> "container", because I didn't think the additional bit was providing much additional context. If there is ambiguity about the representation, it should be addressed in the DESCRIPTION instead of with an "ID" or "Name" suffix. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #839 Approved by: rhatdan
2018-06-30 03:39:36 +08:00
**buildah push** [*options*] *image* [*destination*]
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## DESCRIPTION
Pushes an image from local storage to a specified destination, decompressing
and recompessing layers as needed.
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
## imageID
Image stored in local container/storage
## DESTINATION
[CI:DOCS] push/pull: clarify supported transports As pointed out in containers/podman/issues/10730, the man pages of buildah/podman push/pull were incomplete in explaining all supported transports. To keep things simple, explain the defaults, refer to containers-transports(5). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-06-23 16:35:06 +08:00
DESTINATION is the location the container image is pushed to. It supports all transports from `containers-transports(5)` (see examples below). If no transport is specified, the `docker` (i.e., container registry) transport is used.
Push: Allow an empty destination In this case assume it's the same as source. This makes it compatible with `docker push`. Thus `buildah push my_registry/my_image` will behave like `buildah push my_registry/my_image docker://my_registry/my_image` Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com> Closes: #994 Approved by: rhatdan
2018-09-08 01:56:03 +08:00
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## OPTIONS
Make buildah push support pushing manifests lists and digests Currently manifests just look like images in container storage. It is surprising to the user when they go to push the images that they end up failing, and have to use the buildah manifest push. This patch causes buildah push to failover to buildah manifest push if the image is a manifest. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-08 00:43:28 +08:00
**--all**
If specified image is a manifest list or image index, push the images in addition to
the list or index itself.
Use credentials from kpod login for buildah buildah push and from now use the credentials stored in ${XDG_RUNTIME_DIR}/containers/auth.json by kpod login if the auth file path is changed, buildah push and from can get the credentials from the custom auth file using the --authfile flag e.g buildah push --authfile /tmp/auths/myauths.json alpine docker://username/image Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #325 Approved by: rhatdan
2017-11-16 04:18:48 +08:00
**--authfile** *path*
[CI:DOCS] Fix typos and improve language Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-01-26 04:55:55 +08:00
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json. If XDG_RUNTIME_DIR is not set, the default is /run/containers/$UID/auth.json. This file is created using `buildah login`.
Document location of auth.json file if XDG_RUNTIME_DIR is not set Fixes: https://github.com/containers/buildah/issues/3189 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-04-30 03:36:15 +08:00
Mention docker login in documentation for authentication Since we fall back to reading the credentials from $HOME/.docker/config set by docker login when kpod login doesn't have the credentials Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #331 Approved by: rhatdan
2017-11-21 23:08:12 +08:00
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
Use credentials from kpod login for buildah buildah push and from now use the credentials stored in ${XDG_RUNTIME_DIR}/containers/auth.json by kpod login if the auth file path is changed, buildah push and from can get the credentials from the custom auth file using the --authfile flag e.g buildah push --authfile /tmp/auths/myauths.json alpine docker://username/image Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #325 Approved by: rhatdan
2017-11-16 04:18:48 +08:00
Document location of auth.json file if XDG_RUNTIME_DIR is not set Fixes: https://github.com/containers/buildah/issues/3189 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-04-30 03:36:15 +08:00
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
**--cert-dir** *path*
Force "localhost" as a default registry Extend util.ResolveName() to prepend "localhost" to the list of registries, and teach util.FindImage(), util.ExpandNames(), and util.AddImageNames() to use util.ResolveName(). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #648 Approved by: rhatdan
2018-05-02 03:37:13 +08:00
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Uniform some man pages Small fixes to the man pages: * Ensure the explaination of the `--cert-dir` and `--tls-verify` flags are consistent across all the commands. * Ensure `buildah-login` and `docker-login` man pages are referenced by the sub commands that deal with authenticated registries. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2020-09-09 16:25:25 +08:00
The default certificates directory is _/etc/containers/certs.d_.
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
push: support to specify the compression format add two new flags to "buildah push" to allow tweaking the compression format for the data layers. The flag --compression-format allows users to specify the compression algorithm to use. With --compression-level it is possible to tweak the compression level. An image usage for partial pulls can be pushed with: $ buildah push --compression-format zstd:chunked FOO Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-09-22 23:34:16 +08:00
**--compression-format** *format*
Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`.
**--compression-level** *level*
Specify the compression level used with the compression.
Specifies the compression level to use. The value is specific to the compression algorithm used, e.g. for zstd the accepted values are in the range 1-20 (inclusive), while for gzip it is 1-9 (inclusive).
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
**--creds** *creds*
Prompt for un/pwd if not supplied with --creds Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2018-01-25 06:49:37 +08:00
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
**--digestfile** *Digestfile*
After copying the image, write the digest of the resulting image to the file.
New CI check: xref --help vs man pages Run 'buildah --help', recursively against all subcommands, then cross-reference the results against docs/buildah*.md. Report differences in subcommands and/or flags. The majority of the changes in this PR are trivial (see below) but a handful may be controversial and require careful review: * Making 'bud' the default output of 'buildah help', with 'build-using-dockerfile' as an alias. This is the inverse of the situation until now: buildah would list build-using-dockerfile as the primary name. The man page, OTOH, lists 'bud'. The source file name is 'bud'. I suspect that most people type 'bud'. So, for consistency, I choose to make 'bud' the default visible command. * add --encryption-key and --encrypt-layer documentation to buildah-commit.md, and --encrypt-layer to -push.md. Please double-check the wording here. * remove --notruncate from buildah-images.md. The option does not exist (although there is a TODO comment in the code). If it should exist, it is left to the reader to implement. I would humbly suggest that this is a good idea, for consistency with buildah containers. * remove --shm-size from buildah-pull.md. The option does not exist, and I suspect this was a copy-paste error. * remove --security-opt from run.go. It was unimplemented and undocumented. * remove --userns-[gu]id-map from buildah-bud.md. These are global options, not bud options, and are documented well enough in buildah.bud. Trivial (IMO) changes: * split options in man pages, from '**--foo, -f**' to '**--foo**, **-f**'. This conforms with the style used in podman man pages. * add missing one-letter aliases (usually "-q", "-a") * add missing man page entries for some easy options * sort out-of-order subcommand listings in man pages Finally, do note that this is a copy-and-alter duplicate of the original script in podman, and that is horrible. In an ideal world I would've been able to refactor the podman version into something usable on both repos (and then more). It turns out the differences in man page format and in special-case handling are too broad to let me do a clean refactor. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-09-21 22:51:19 +08:00
**--disable-compression**, **-D**
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
Don't compress copies of filesystem layers which will be pushed.
implementation of encrypt/decrypt push/pull/bud/from Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-02 02:15:56 +08:00
**--encryption-key** *key*
Updated docs Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-05-13 03:20:13 +08:00
The [protocol:keyfile] specifies the encryption protocol, which can be JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material required for image encryption. For instance, jwe:/path/to/key.pem or pgp:admin@example.com or pkcs7:/path/to/x509-file.
implementation of encrypt/decrypt push/pull/bud/from Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-02 02:15:56 +08:00
New CI check: xref --help vs man pages Run 'buildah --help', recursively against all subcommands, then cross-reference the results against docs/buildah*.md. Report differences in subcommands and/or flags. The majority of the changes in this PR are trivial (see below) but a handful may be controversial and require careful review: * Making 'bud' the default output of 'buildah help', with 'build-using-dockerfile' as an alias. This is the inverse of the situation until now: buildah would list build-using-dockerfile as the primary name. The man page, OTOH, lists 'bud'. The source file name is 'bud'. I suspect that most people type 'bud'. So, for consistency, I choose to make 'bud' the default visible command. * add --encryption-key and --encrypt-layer documentation to buildah-commit.md, and --encrypt-layer to -push.md. Please double-check the wording here. * remove --notruncate from buildah-images.md. The option does not exist (although there is a TODO comment in the code). If it should exist, it is left to the reader to implement. I would humbly suggest that this is a good idea, for consistency with buildah containers. * remove --shm-size from buildah-pull.md. The option does not exist, and I suspect this was a copy-paste error. * remove --security-opt from run.go. It was unimplemented and undocumented. * remove --userns-[gu]id-map from buildah-bud.md. These are global options, not bud options, and are documented well enough in buildah.bud. Trivial (IMO) changes: * split options in man pages, from '**--foo, -f**' to '**--foo**, **-f**'. This conforms with the style used in podman man pages. * add missing one-letter aliases (usually "-q", "-a") * add missing man page entries for some easy options * sort out-of-order subcommand listings in man pages Finally, do note that this is a copy-and-alter duplicate of the original script in podman, and that is horrible. In an ideal world I would've been able to refactor the podman version into something usable on both repos (and then more). It turns out the differences in man page format and in special-case handling are too broad to let me do a clean refactor. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-09-21 22:51:19 +08:00
**--encrypt-layer** *layer(s)*
Layer(s) to encrypt: 0-indexed layer indices with support for negative indexing (e.g. 0 is the first layer, -1 is the last layer). If not defined, will encrypt all layers if encryption-key flag is specified.
**--format**, **-f**
Add manifest type conversion to buildah push buildah push supports manifest type conversion when pushing using the 'dir' transport Manifest types include oci, v2s1, and v2s2 e.g buildah push --format v2s2 alpine dir:my-directory Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #321 Approved by: rhatdan
2017-11-10 01:52:50 +08:00
Fix documentation of the --format option of buildah push It affects all transports; and without --format, we try several manifest formats. [NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-06-18 01:38:49 +08:00
Manifest Type (oci, v2s2, or v2s1) to use when pushing an image. (default is manifest type of the source image, with fallbacks)
Add manifest type conversion to buildah push buildah push supports manifest type conversion when pushing using the 'dir' transport Manifest types include oci, v2s1, and v2s2 e.g buildah push --format v2s2 alpine dir:my-directory Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #321 Approved by: rhatdan
2017-11-10 01:52:50 +08:00
New CI check: xref --help vs man pages Run 'buildah --help', recursively against all subcommands, then cross-reference the results against docs/buildah*.md. Report differences in subcommands and/or flags. The majority of the changes in this PR are trivial (see below) but a handful may be controversial and require careful review: * Making 'bud' the default output of 'buildah help', with 'build-using-dockerfile' as an alias. This is the inverse of the situation until now: buildah would list build-using-dockerfile as the primary name. The man page, OTOH, lists 'bud'. The source file name is 'bud'. I suspect that most people type 'bud'. So, for consistency, I choose to make 'bud' the default visible command. * add --encryption-key and --encrypt-layer documentation to buildah-commit.md, and --encrypt-layer to -push.md. Please double-check the wording here. * remove --notruncate from buildah-images.md. The option does not exist (although there is a TODO comment in the code). If it should exist, it is left to the reader to implement. I would humbly suggest that this is a good idea, for consistency with buildah containers. * remove --shm-size from buildah-pull.md. The option does not exist, and I suspect this was a copy-paste error. * remove --security-opt from run.go. It was unimplemented and undocumented. * remove --userns-[gu]id-map from buildah-bud.md. These are global options, not bud options, and are documented well enough in buildah.bud. Trivial (IMO) changes: * split options in man pages, from '**--foo, -f**' to '**--foo**, **-f**'. This conforms with the style used in podman man pages. * add missing one-letter aliases (usually "-q", "-a") * add missing man page entries for some easy options * sort out-of-order subcommand listings in man pages Finally, do note that this is a copy-and-alter duplicate of the original script in podman, and that is horrible. In an ideal world I would've been able to refactor the podman version into something usable on both repos (and then more). It turns out the differences in man page format and in special-case handling are too broad to let me do a clean refactor. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-09-21 22:51:19 +08:00
**--quiet**, **-q**
Cleanup buildah-push code 1. Sort options so they are in alphabet order 2. Remove extra lines of code for options parsing that really do not accomplish anything. 3. Remove variables when they are not necessary, I.E. Don't create a variable to hold an option that is only used once, use the option instead. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #267 Approved by: <username_without_leading_@>
2017-09-22 17:39:33 +08:00
When writing the output image, suppress progress output.
add --sign-by to bud/commit/push, --remove-signatures for pull/push Add the --sign-by option to `buildah build-using-dockerfile`, `buildah commit`, `buildah push`, and `buildah manifest push`. Add the `--remove-signatures` option to `buildah pull`, `buildah push`, and `buildah manifest push`. We just pass them to the image library, which does all of the heavy lifting. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2085 Approved by: rhatdan
2020-01-16 01:23:38 +08:00
**--remove-signatures**
Don't copy signatures when pushing images.
Make buildah push support pushing manifests lists and digests Currently manifests just look like images in container storage. It is surprising to the user when they go to push the images that they end up failing, and have to use the buildah manifest push. This patch causes buildah push to failover to buildah manifest push if the image is a manifest. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-08 00:43:28 +08:00
**--rm**
[CI:DOCS] Fix typos and improve language Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-01-26 04:55:55 +08:00
When pushing a manifest list or image index, delete them from local storage if pushing succeeds.
Make buildah push support pushing manifests lists and digests Currently manifests just look like images in container storage. It is surprising to the user when they go to push the images that they end up failing, and have to use the buildah manifest push. This patch causes buildah push to failover to buildah manifest push if the image is a manifest. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-08 00:43:28 +08:00
add --sign-by to bud/commit/push, --remove-signatures for pull/push Add the --sign-by option to `buildah build-using-dockerfile`, `buildah commit`, `buildah push`, and `buildah manifest push`. Add the `--remove-signatures` option to `buildah pull`, `buildah push`, and `buildah manifest push`. We just pass them to the image library, which does all of the heavy lifting. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2085 Approved by: rhatdan
2020-01-16 01:23:38 +08:00
**--sign-by** *fingerprint*
Sign the pushed image using the GPG key that matches the specified fingerprint.
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
**--tls-verify** *bool-value*
Add support for --manifest flags This patch allows users to build a multi arch image with simple commands using emulation software. ``` buildah bud --arch arm --manifest myimage /tmp/mysrc buildah bud --arch amd64 --manifest myimage /tmp/mysrc buildah bud --arch s390x --manifest myimage /tmp/mysrc ``` And something like this for buildah commit ``` build() { ctr=$(./bin/buildah from --arch $1 ubi8) ./bin/buildah run $ctr dnf install -y iputils ./bin/buildah commit --manifest ubi8ping $ctr } build arm build amd64 build s390x ``` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-30 20:16:24 +08:00
Require HTTPS and verification of certificates when talking to container registries (defaults to true). TLS verification cannot be used when talking to an insecure registry.
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## EXAMPLE
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID to a local directory in docker format.
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
`# buildah push imageID dir:/path/to/image`
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID to a local directory in oci format.
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
Update buildah push doc The example for the oci transport was misleading as it showed a different format. Added an example for oci-archive. Added oci-archive to the Destinations. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #559 Approved by: rhatdan
2018-04-06 22:56:09 +08:00
`# buildah push imageID oci:/path/to/layout:image:tag`
Ran buildah through codespell Thanks to Dmitry Smirnov @onlyjob for suggesting this tool. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1985 Approved by: TomSweeneyRedHat
2019-11-17 00:31:41 +08:00
This example pushes the image specified by the imageID to a tar archive in oci format.
Update buildah push doc The example for the oci transport was misleading as it showed a different format. Added an example for oci-archive. Added oci-archive to the Destinations. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #559 Approved by: rhatdan
2018-04-06 22:56:09 +08:00
`# buildah push imageID oci-archive:/path/to/archive:image:tag`
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID to a container registry named registry.example.com.
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
`# buildah push imageID docker://registry.example.com/repository:tag`
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID to a container registry named registry.example.com and saves the digest in the specified digestfile.
`# buildah push --digestfile=/tmp/mydigest imageID docker://registry.example.com/repository:tag`
Push: Allow an empty destination In this case assume it's the same as source. This makes it compatible with `docker push`. Thus `buildah push my_registry/my_image` will behave like `buildah push my_registry/my_image docker://my_registry/my_image` Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com> Closes: #994 Approved by: rhatdan
2018-09-08 01:56:03 +08:00
This example works like **docker push**, assuming *registry.example.com/my_image* is a local image.
`# buildah push registry.example.com/my_image`
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID to a private container registry named registry.example.com with authentication from /tmp/auths/myauths.json.
Use credentials from kpod login for buildah buildah push and from now use the credentials stored in ${XDG_RUNTIME_DIR}/containers/auth.json by kpod login if the auth file path is changed, buildah push and from can get the credentials from the custom auth file using the --authfile flag e.g buildah push --authfile /tmp/auths/myauths.json alpine docker://username/image Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #325 Approved by: rhatdan
2017-11-16 04:18:48 +08:00
`# buildah push --authfile /tmp/auths/myauths.json imageID docker://registry.example.com/repository:tag`
[CI:DOCS] Fix typos and improve language Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-01-26 04:55:55 +08:00
This example pushes the image specified by the imageID and puts it into the local docker container store.
Improve buildah push man page and help information This better documents the options available to the user. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #186 Approved by: rhatdan
2017-07-13 21:14:41 +08:00
`# buildah push imageID docker-daemon:image:tag`
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID and puts it into the registry on the localhost while turning off tls verification.
De-dockerize the man page as much as possible Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-10-09 20:26:55 +08:00
`# buildah push --tls-verify=false imageID localhost:5000/my-imageID`
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
Add --digestfile and Re-add push statement as debug We removed the "Succesfully pushed ..." statement from the end of the `buildah push` command in #1744. However we've had a request for that information still so I'm re-adding it as a debug statement and we can discuss if there's a better way or not. Also add the --digestfile option. With it the user will be able to specify a file to write the digest of the pushed image to for reference. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1799 Approved by: rhatdan
2019-08-17 02:03:38 +08:00
This example pushes the image specified by the imageID and puts it into the registry on the localhost using credentials and certificates for authentication.
De-dockerize the man page as much as possible Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-10-09 20:26:55 +08:00
`# buildah push --cert-dir ~/auth --tls-verify=true --creds=username:password imageID localhost:5000/my-imageID`
Add authentication to commit and push Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #250 Approved by: rhatdan
2017-08-25 05:44:32 +08:00
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid github.com/openshift/api/config/v1.Image, and parse its AllowedRegistries and BlockedRegistries lists when, pulling, committing, or pushing images. Override the local signature policy when committing or pushing an image to ensure that local storage is always allowed. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1787 Approved by: rhatdan
2019-08-13 12:23:28 +08:00
## ENVIRONMENT
**BUILD\_REGISTRY\_SOURCES**
BUILD\_REGISTRY\_SOURCES, if set, is treated as a JSON object which contains
lists of registry names under the keys `insecureRegistries`,
`blockedRegistries`, and `allowedRegistries`.
When pushing an image to a registry, if the portion of the destination image
name that corresponds to a registry is compared to the items in the
`blockedRegistries` list, and if it matches any of them, the push attempt is
denied. If there are registries in the `allowedRegistries` list, and the
portion of the name that corresponds to the registry is not in the list, the
push attempt is denied.
Set the TMPDIR for pulling/pushing image to $TMPDIR Or set it to /var/tmp if the user did not specify. Currently certain large workloads can not be handled because users are running out of space on pulls/ and pushes. Containers/image stores data temporarily in the file system. This allows the user to overide the location of the temporary storage. Also update containers/image to v5.0.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-12-18 00:01:52 +08:00
**TMPDIR**
The TMPDIR environment variable allows the user to specify where temporary files
are stored while pulling and pushing images. Defaults to '/var/tmp'.
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid github.com/openshift/api/config/v1.Image, and parse its AllowedRegistries and BlockedRegistries lists when, pulling, committing, or pushing images. Override the local signature policy when committing or pushing an image to ensure that local storage is always allowed. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1787 Approved by: rhatdan
2019-08-13 12:23:28 +08:00
## FILES
Add Files section with registries.conf to pertinent man pages Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #653 Approved by: rhatdan
2018-05-03 04:53:27 +08:00
**registries.conf** (`/etc/containers/registries.conf`)
Change 'registries' to 'container registries' in man Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #774 Approved by: rhatdan
2018-06-11 21:57:45 +08:00
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
Add Files section with registries.conf to pertinent man pages Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #653 Approved by: rhatdan
2018-05-03 04:53:27 +08:00
Hide from users command options that we don't want them to use. We really want users to use the registries.conf file specified by the administrator. We also don't want them overriding the signature-policy. Thes options are mainly their for CI/CD Systems, so they should be hidden from the user. Signed-off-by: Daniel J Walsh dwalsh@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1373 Approved by: TomSweeneyRedHat
2019-02-27 23:29:09 +08:00
**policy.json** (`/etc/containers/policy.json`)
Signature policy file. This defines the trust policy for container images. Controls which container registries can be used for image, and whether or not the tool should trust the images.
Add a "push" command Add a "push" command, which pulls an image's layers from local storage, recomputes the image's digest and manifest, and uses the image library to write the result to the specified location. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #141 Approved by: rhatdan
2017-06-02 00:11:14 +08:00
## SEE ALSO
Make buildah push support pushing manifests lists and digests Currently manifests just look like images in container storage. It is surprising to the user when they go to push the images that they end up failing, and have to use the buildah manifest push. This patch causes buildah push to failover to buildah manifest push if the image is a manifest. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-08 00:43:28 +08:00
buildah(1), buildah-login(1), containers-policy.json(5), docker-login(1), containers-registries.conf(5), buildah-manifest(1)