Container Registry FAQ

Overview
FAQ

FAQ topics

General
Technical

General questions

What is OCIR?

OCIR or Oracle Cloud Infrastructure Registry is a Docker v2 compatible Docker image registry.

When should I use OCIR?

OCIR is best used to store Docker images you will utilize in Containerized Applications, such as those that you deploy with Container Engine for Kubernetes.

How can I get started with OCIR?

It's easy, just create an Auth Token via your user settings and login with the Docker CLI. See the registry documentation.

Technical questions

Why are the regional names/urls used in OCIR different from the rest of Oracle Cloud Infrastructure, such as us-phoenix-1.oraclecloud.com vs phx.ocir.io?

Docker users are familiar with short urls to push and pull images. Other cloud providers also use shortened URLs. We wanted to make sure that usage of OCIR conforms to these user expectations.

Are each of the regional instances of OCIR distinct from each other?

Yes, each of the regional instances are distinct. You communicate with each independently. Best practice suggests you use the regional instance closest to where you are deploying your containers.

What are the regional urls?

The regional URLs align with the nearby airports. phx.ocir.io; iad.ocir.io; lhr.ocir.io; fra.ocir.io.

Do I need to use the complete path to an image, when pushing or pulling it?

Yes, you need to specify the entire path, in this format: .ocir.io///:tag, for example: phx.ocir.io/tenancy-foo/project01/nginx:latest.

Why aren't compartments used with OCIR?

Docker users are used to a repository based structure for their container registries. Administrators can limit access to a particular repo path, both for read-only (pull only) and push/pull. Adding compartments would add an unnecessary level of complexity to this simple concept.

What are the limits (quotas) for OCIR and are they regional or global?

Quotas are 500 repos total and 500 images per repo PER region.

Can repos be public?

Yes, an administrator of the tenancy can make any repo public. This means that if a user has the complete path to the image, they can pull it, with no authentication needed. Note, that the user will not be able to see the Oracle Cloud Infrastructure console page, they will just be able to pull the image.

I push many images per day as part of my CI/CD process, is there a feature to help eliminate the clutter of old images?

Yes, with our auto-cleanup feature, you can set retention policies, so for example, if an image is not pulled in x days, it is automatically deleted.

Can I create a service account so that others outside my tenancy can pull an image from one of my repos?

Yes, create a user for that service account and an "Auth Token" (formerly Swift Password), which can be revoked at any time. Put that user in a group that supports your use case, via policy, such as read only and limited to a particular repo path. See Policies to Control Repository Access documentation.