Skopeo - Work with remote images registries - retrieving information, images, signing content

  •        77

skopeo is a command line utility that performs various operations on container images and image repositories. skopeo can work with OCI images as well as the original Docker v2 images. Skopeo works with API V2 container image registries such as docker.io and quay.io registries, private registries, local directories and local OCI-layout directories.

skopeo can perform operations which consist of:

  • Copying an image from and to various storage mechanisms. For example you can copy images from one registry to another, without requiring privilege.
  • Inspecting a remote image showing its properties including its layers, without requiring you to pull the image to the host.
  • Deleting an image from an image repository.
  • Syncing an external image repository to an internal registry for air-gapped deployments.
  • When required by the repository, skopeo can pass the appropriate credentials and certificates for authentication.

https://github.com/containers/skopeo

Tags
Implementation
License
Platform

   




Related Projects

Podman - A tool for managing OCI containers and pods

  •    Go

Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers. Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.

anchore - Legacy Anchore container analysis, inspection and control toolset

  •    Python

Anchore is a set of tools that provides visibility, transparency, and control of your container environment. With anchore, users can analyze, inspect, perform security scans, and apply custom policies to container images within a CI/CD build system, or used/integrated directly into your container environment. This repository contains the anchore analysis scanner tool (with a basic CLI interface), which can be appropriate for lower-level integrations - for new users and current users who have been looking to deploy Anchore as a centralized service with an API, an open source project called the Anchore Engine has been released (with its own light-weight client CLI) which extends the capabilities of anchore beyond what usage of this scanner tool alone can provide. The project page links are below, which include installation/quickstart instructions, API documents and usage guides.

amazon-ecs-cli - A custom Amazon ECS CLI that eases up the cluster setup process, enables users to run their applications locally or on ECS using the same Docker Compose file format and familiar Compose commands

  •    Go

The Amazon ECS Command Line Interface (CLI) is a command line interface for Amazon EC2 Container Service (Amazon ECS) that provides high-level commands to simplify creating, updating, and monitoring clusters and tasks from a local development environment. The Amazon ECS CLI supports Docker Compose, a popular open-source tool for defining and running multi-container applications. Use the CLI as part of your everyday development and testing cycle as an alternative to the AWS Management Console.For more information about Amazon ECS, see the Amazon ECS Developer Guide. For information about installing and using the Amazon ECS CLI, see the ECS Command Line Interface.

Anchore Engine - Centralized service for inspection, analysis and certification of container images

  •    Python

The Anchore Engine is an open source project that provides a centralized service for inspection, analysis and certification of container images. The Anchore engine is provided as a Docker container image that can be run standalone or on an orchestration platform such as Kubernetes, Docker Swarm, Rancher or Amazon ECS. The Anchore engine can be accessed directly through a RESTful API or via the Anchore CLI.

vm - Package and Run Virtual Machines as Docker Containers

  •    Python

RancherVM allows you to create a special kind of containers called VM Containers. A VM container looks and feels like a regular container. It can be created from Dockerfile, distributed using DockerHub, managed using docker command line, and networked together using links and port bindings. Inside each VM container, however, is a virtual machine instance. You can package any QEMU/KVM image as RancherVM containers.RancherVM additionally comes with a management container that provides a web UI for managing virtual machines and accessing the VNC console.


runc - CLI tool for spawning and running containers according to the OCI specification

  •    Go

runc is a CLI tool for spawning and running containers according to the OCI specification.

jib - Build container images for your Java applications.

  •    Java

Jib builds optimized Docker and OCI images for your Java applications without a Docker daemon - and without deep mastery of Docker best-practices. It is available as plugins for Maven and Gradle and as a Java library.

Helios - Docker container orchestration platform

  •    Java

Helios is a Docker orchestration platform for deploying and managing containers across an entire fleet of servers. Helios provides a HTTP API as well as a command-line client to interact with servers running your containers. It also keeps a history of events in your cluster including information such as deploys, restarts and version changes.

Buildah - A tool that facilitates building OCI images

  •    Go

Buildah - a tool that facilitates building Open Container Initiative (OCI) container images. The Buildah package provides a command line tool that can be used to Create a working container, either from scratch or using an image, Images can be built in either the OCI image format or the traditional upstream docker image format, Mount / Unmount / Delete / Rename the container.

img - Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

  •    Go

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder. img is more cache-efficient than Docker and can also execute multiple build stages concurrently, as it internally uses BuildKit's DAG solver.

firecracker-containerd - firecracker-containerd enables containerd to manage containers as Firecracker microVMs

  •    Go

This repository enables the use of a container runtime, containerd, to manage Firecracker microVMs. Like traditional containers, Firecracker microVMs offer fast start-up and shut-down and minimal overhead. Unlike traditional containers, however, they can provide an additional layer of isolation via the KVM hypervisor. To maintain compatibility with the container ecosystem, where possible, we use container standards such as the OCI image format.

runc - CLI tool for spawning and running containers according to the OCI specification

  •    Go

runc is a CLI tool for spawning and running containers according to the OCI specification. runc depends on and tracks the runtime-spec repository. We will try to make sure that runc and the OCI specification major versions stay in lockstep. This means that runc 1.0.0 should implement the 1.0 version of the specification.

ctop - A command line / text based Linux Containers monitoring tool that works just like you expect.

  •    Python

A command line / text based Linux Containers monitoring tool that works just like you expect.ctop will help you see what's going on at the container level. Basically, containers are a logical group of processes isolated using kernel's cgroups and namespaces. Recently, they have been made popular by Docker and they are also heavily used under the hood by systemd and a load of container tools like lxc, rocket, lmctfy and many others.

rkt - the pod-native container engine for Linux

  •    Go

rkt (pronounced like a "rocket") is a CLI for running application containers on Linux. rkt is designed to be secure, composable, and standards-based. The rkt v1.x series provides command line user interface and on-disk data structures stability for external development. Any major changes to those primary areas will be clearly communicated, and a formal deprecation process conducted for any retired features.

rocker - R configurations for Docker

  •    Shell

This repository contains Dockerfiles for different Docker containers of interest to R users. To get started right away, ensure you have Docker installed and start a container with docker run --rm -ti rocker/r-base (see here for the docker run command options). In this case we are starting the r-base container (the base package to build from) in an interactive mode, see below for details of the other containers currently available. To get started on the rstudio container or its derivative containers (eg. hadleyverse and ropensci) you need to open a port, see the instructions in the wiki. The wiki also contains further instructions and information on the project, including how to extend these images and contribute to development.

docker-cleanup - Automatic Docker image, container and volume cleanup

  •    Shell

This image will periodically clean up exited containers and remove images and volumes that aren't in use by a running container. Based on tutumcloud/image-cleanup and chadoe/docker-cleanup-volumes with some small fixes. WARNING: This script will remove all exited containers, data-only containers and unused images unless you carefully exclude them. Take care if you mount /var/lib/docker into the container since that will clean up all unused data volumes. If it's not compatible with your system or Docker version it may delete all your volumes, even from under running containers.

lcfs - LCFS Graph driver for Docker

  •    C

tl;dr: Every time you build, pull or destroy a Docker container, you are using a storage driver. Current storage drivers like Device Mapper, AUFS, and Overlay2 implement container behavior using file systems designed to run a full OS. We are open-sourcing a file system that is purpose-built for the container lifecycle. We call this new file system Layer Cloning File System (LCFS). Because it is designed only for containers, it is up to 2.5x faster to build an image and up to almost 2x faster to pull an image. We're looking forward to working with the container community to improve and expand this new tool. Layer Cloning FileSystem (LCFS) is a new filesystem purpose-built to be a Docker storage driver. All Docker images are constructed of layers using storage drivers (graph drivers) like AUFS, OverlayFS, and Device Mapper. As a design principle, LCFS focuses on layers as the first-class citizen. The LCFS filesystem operates directly on top of block devices, as opposed to merging separate filesystems. Thereby, LCFS aims to directly manage at the container image’s layer level, eliminate the overhead of having a second filesystem that then is merged, and to optimize for density.

cadvisor - Analyzes resource usage and performance characteristics of running containers.

  •    Go

cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.cAdvisor has native support for Docker containers and should support just about any other container type out of the box. We strive for support across the board so feel free to open an issue if that is not the case. cAdvisor's container abstraction is based on lmctfy's so containers are inherently nested hierarchically.

crfs - CRFS: Container Registry Filesystem

  •    Go

CRFS is a read-only FUSE filesystem that lets you mount a container image, served directly from a container registry (such as gcr.io), without pulling it all locally first. Go's continuous build system tests Go on many operating systems and architectures, using a mix of containers (mostly for Linux) and VMs (for other operating systems). We prioritize fast builds, targetting 5 minute turnaround for pre-submit tests when testing new changes. For isolation and other reasons, we run all our containers in a single-use fresh VMs. Generally our containers do start quickly, but some of our containers are very large and take a long time to start. To work around that, we've automated the creation of VM images where our heavy containers are pre-pulled. This is all a silly workaround. It'd be much better if we could just read the bytes over the network from the right place, without the all the hoops.

cinf - Command line tool to view namespaces and cgroups, useful for low-level container prodding

  •    Go

The cinf package docs are also available online. The following sections show basic usage. For a complete end-to-end usage, see the walkthrough.