Manage your registry

Whilst the ctr.dev API is OCI spec compliant, Hiphops provides additional endpoints not covered within that spec. These bring quality of life improvements for managing a container registry.

The actions are listed below, and are additional to the standard functionality expected of a Docker container registry.

Listing all repos

• Dashboard under Registry > Browse your registry.
• API with GET /api/v1/registry/{project_id}/repos

Listing repo images

• Dashboard under Registry > Browse your registry.
• API with GET /api/v1/registry/{project_id}/repos/{repo}/images

Listing image info & tags

• Dashboard under Registry > Browse your registry.
• API with GET /api/v1/registry/{project_id}/repos/{repo}/images/{imageandtag}

Listing all files and their sizes

• Dashboard under Registry > Browse your registry.
• API with GET /api/v1/registry/{project_id}/files

Deleting an image or tag

• Dashboard under Registry > Browse your registry > (Select) Delete.
• API with DELETE /api/v1/registry/{project_id}/repos/{repo}/images/{imageandtag}

Pull from a source registry

Hiphops lets you configure connections to source registries. This allows you to pull and cache images from Docker Hub, Google Artifact Registry or your existing container registry (coming soon: ECR, and Azure Container Registry).

How it works

When you set up a source registry connection, users can pull images that don’t exist in your Hiphops registry using standard Docker commands. The first time an image is requested:

1. Hiphops checks if the image exists in your registry
2. If not found, Hiphops pulls the image from the configured source registry
3. The image is cached in your registry for future requests
4. The image is served to the user

This provides several benefits:

• Apply Hiphops access control to images
• Reduce third-party registry bandwidth and rate limiting issues
• Improve pull reliability and performance for your users
• No changes to how users pull images

Managing source registry connections

• Dashboard under Registry > Pull from a source registry.
• API with:
  • List: GET /api/v1/registry/{project_id}/source-registries
  • Create: POST /api/v1/registry/{project_id}/source-registries
  • View: GET /api/v1/registry/{project_id}/source-registries/{name}
  • Delete: DELETE /api/v1/registry/{project_id}/source-registries/{name}

Adding a source registry

1. Go to Registry > Pull from a source registry
2. Click the “Add Source Registry” button
3. Fill in the details:
   • Name: A unique identifier for this source registry
   • Registry URL: The URL of the source registry (e.g., https://index.docker.io)
   • Username: Authentication username for the source registry
   • Password: Authentication password for the source registry
4. Click “Test Connection” to verify the setup
5. If the test fails, you can always verify that your credentials work with the Docker CLI. Once working there, the same values will work in Hiphops.
6. Save the configuration
7. If you have multiple source registries, you can drag them into priority order (the first one will be tried first).

For Google Artifact Registry setup see below. For anonymous access registries setup see below.

Supported registry types

Hiphops supports pulling from various source registry types:

• Standard registries with basic authentication, including Docker Hub
• Google Artifact Registry (GAR)
• Anonymous access registries (e.g., gcr.io, k8s.gcr.io, quay.io)
• AWS Elastic Container Registry (ECR) (coming soon)
• Azure Container Registry (ACR) (coming soon)

Google Artifact Registry setup

To set up Google Artifact Registry, first:

1. Ensure you have a repository created in Google Artifact Registry (you will need to add your Service Account to it.)
2. Create a Service Account key following Google’s authentication guide
3. Download the JSON key file
4. In Google Cloud Console, go to Artifact Registry Repositories
5. Select your repository and on the details page click “Copy path”

Then follow the steps above using these configuration values:

• Registry URL: The “path” you copied from Google Cloud Console
• Username: _json_key (exactly this value)
• Password: Paste the full contents of the downloaded JSON key file

Anonymous access registries setup

Many public container registries allow anonymous access for pulling public images. Examples include:

• gcr.io - Google Artifact Registry public repositories
• k8s.gcr.io - Kubernetes container images
• quay.io - Red Hat Quay public repositories
• docker.io - Docker Hub public repositories (when not rate-limited)

To set up an anonymous access repository like those in gcr.io:

1. Get the repository URL you want to pull from (e.g., gcr.io/distroless)

Then follow the steps above using these configuration values:

• Registry URL: The repository URL you just copied (e.g., gcr.io/distroless)
• Username: Any value (e.g., “unused”) - this field is required but ignored
• Password: Any value (e.g., “unused”) - this field is required but ignored

Note: While the username and password fields are required in the form, they are not used for authentication when the registry allows anonymous access.

Example configuration for gcr.io:

• Name: distroless
• Registry URL: https://gcr.io/distroless
• Username: unused
• Password: unused

Using source registries

To pull an image from a source registry through your Hiphops registry:

docker pull YOUR_SUBDOMAIN.ctr.dev/library/alpine:latest

The repository path structure should match what’s expected in the source registry.

Example:

docker pull YOUR_SUBDOMAIN.ctr.dev/library/alpine:latest

will pull and cache the image at:

https://index.docker.io/library/alpine:latest