OCI Basics using Singularity Enterprise Registry

By Staff

Jan 25, 2024 | News


Singularity Enterprise comes with a fully compliant Open Container Initiative (OCI) registry. The following is a collection of typical registry operations within your workflow. Assuming the Singularity Enterprise registry address is registry.sylabs.io, please substitute with the appropriate address available in your environment.


Before performing any of the following operations, you will need to authenticate and authorize yourself with the container registry. This involves providing credentials — such as your username and password or an access token — to ensure you have the necessary permissions. Assuming you already have your token registered using the singularity remote login command, start your Docker operations by authenticating with the following command:
singularity remote get-login-password | \
            docker login -u USERNAME --password-stdin registry.sylabs.io


Tagging involves giving a specific version or name to a container image. This is useful for version control and ensuring that specific versions of your application are used. Assuming you already have an image on your Docker daemon, you can tag it in preparation to push with the following command:
docker tag example registry.sylabs.io/USERNAME/example:v1.0


Pushing an image to a container registry involves uploading a locally built container image to the registry so it can be stored and accessed by others. This is often done using a command like:
docker push registry.sylabs.io/USERNAME/example:v1.0


Pulling an image from a container registry is the process of downloading an image from the registry to run it locally or on a remote server. This is typically done using a command like:
docker pull registry.sylabs.io/USERNAME/example:v1.0

Using Skopeo

Skopeo is a command-line tool for copying container images between different container registries. It can be used to pull, push, inspect, and delete container images from and to OCI-compliant registries. It is particularly useful for automation and scripting.


Similar to Docker command, Skopeo can accept the login argument and authenticate:
singularity remote get-login-password | \
skopeo login -u USERNAME --password-stdin registry.sylabs.io

Copy Remotely

This operation can copy from a remote location to your Singularity Enterprise registry. The following example will copy over Docker Hub to Singularity Enterprise registry.
skopeo copy docker://alpine:latest\ docker://registry.sylabs.io/USERNAME/alpine/alpine:latest


Removing images from a container registry is important for cleaning up outdated or unnecessary images. Docker command does not provide a command for this, but with Skopeo it is possible to remove an image from the registry, like so:
skopeo delete docker://registry.sylabs.io/USERNAME/alpine/alpine:latest


Understanding and mastering the basic operations with OCI registries is fundamental for anyone working with containerization and container orchestration technologies. Whether you are pushing, pulling, tagging, or managing access control, these operations are the building blocks of efficient container image management. With the right tools and practices you can streamline your development and deployment workflows, ensuring that your container images are readily available within OCI-compliant registries.

Join Our Mailing List

Related Posts