Manage your registry
Whilst the ctr.dev
API is OCI spec compliant, Hiphops provides additional endpoints not covered within that spec. These bring quality of life improvements for managing a container registry.
The actions are listed below, and are additional to the standard functionality expected of a Docker container registry.
Listing all repos
- Dashboard under
Registry > Browse your registry
. - API with GET /api/v1/registry/{project_id}/repos
Listing repo images
- Dashboard under
Registry > Browse your registry
. - API with GET /api/v1/registry/{project_id}/repos/{repo}/images
Listing image info & tags
- Dashboard under
Registry > Browse your registry
. - API with GET /api/v1/registry/{project_id}/repos/{repo}/images/{imageandtag}
Listing all files and their sizes
- Dashboard under
Registry > Browse your registry
. - API with GET /api/v1/registry/{project_id}/files
Deleting an image or tag
- Dashboard under
Registry > Browse your registry > (Select) Delete
. - API with DELETE /api/v1/registry/{project_id}/repos/{repo}/images/{imageandtag}
Pull from a source registry
Hiphops lets you configure connections to source registries. This allows you to pull and cache images from Docker Hub, Google Artifact Registry or your existing container registry (coming soon: ECR, and Azure Container Registry).
How it works
When you set up a source registry connection, users can pull images that don’t exist in your Hiphops registry using standard Docker commands. The first time an image is requested:
- Hiphops checks if the image exists in your registry
- If not found, Hiphops pulls the image from the configured source registry
- The image is cached in your registry for future requests
- The image is served to the user
This provides several benefits:
- Apply Hiphops access control to images
- Reduce third-party registry bandwidth and rate limiting issues
- Improve pull reliability and performance for your users
- No changes to how users pull images
Managing source registry connections
- Dashboard under
Registry > Pull from a source registry
. - API with:
Adding a source registry
- Go to
Registry > Pull from a source registry
- Click the “Add Source Registry” button
- Fill in the details:
- Name: A unique identifier for this source registry
- Registry URL: The URL of the source registry (e.g.,
https://index.docker.io
) - Username: Authentication username for the source registry
- Password: Authentication password for the source registry
- Click “Test Connection” to verify the setup
- If the test fails, you can always verify that your credentials work with the Docker CLI. Once working there, the same values will work in Hiphops.
- Save the configuration
- If you have multiple source registries, you can drag them into priority order (the first one will be tried first).
For Google Artifact Registry setup see below. For anonymous access registries setup see below.
Supported registry types
Hiphops supports pulling from various source registry types:
- Standard registries with basic authentication, including Docker Hub
- Google Artifact Registry (GAR)
- Anonymous access registries (e.g., gcr.io, k8s.gcr.io, quay.io)
- AWS Elastic Container Registry (ECR) (coming soon)
- Azure Container Registry (ACR) (coming soon)
Google Artifact Registry setup
To set up Google Artifact Registry, first:
- Ensure you have a repository created in Google Artifact Registry (you will need to add your Service Account to it.)
- Create a Service Account key following Google’s authentication guide
- Download the JSON key file
- In Google Cloud Console, go to Artifact Registry Repositories
- Select your repository and on the details page click “Copy path”
Then follow the steps above using these configuration values:
- Registry URL: The “path” you copied from Google Cloud Console
- Username:
_json_key
(exactly this value) - Password: Paste the full contents of the downloaded JSON key file
Anonymous access registries setup
Many public container registries allow anonymous access for pulling public images. Examples include:
gcr.io
- Google Artifact Registry public repositoriesk8s.gcr.io
- Kubernetes container imagesquay.io
- Red Hat Quay public repositoriesdocker.io
- Docker Hub public repositories (when not rate-limited)
To set up an anonymous access repository like those in gcr.io
:
- Get the repository URL you want to pull from (e.g.,
gcr.io/distroless
)
Then follow the steps above using these configuration values:
- Registry URL: The repository URL you just copied (e.g.,
gcr.io/distroless
) - Username: Any value (e.g., “unused”) - this field is required but ignored
- Password: Any value (e.g., “unused”) - this field is required but ignored
Note: While the username and password fields are required in the form, they are not used for authentication when the registry allows anonymous access.
Example configuration for gcr.io:
- Name:
distroless
- Registry URL:
https://gcr.io/distroless
- Username:
unused
- Password:
unused
Using source registries
To pull an image from a source registry through your Hiphops registry:
docker pull YOUR_SUBDOMAIN.ctr.dev/library/alpine:latest
The repository path structure should match what’s expected in the source registry.
Example:
docker pull YOUR_SUBDOMAIN.ctr.dev/library/alpine:latest
will pull and cache the image at:
https://index.docker.io/library/alpine:latest