Skip to content

Registry

CERN Registry

The official production registry is hosted by gitlab.cern.ch.

This page documents an experimental registry fully OCI compliant, available at registry.cern.ch

The official Harbor documentation can be found here.

DockerHub Cache

A proxy cache is available to hub.docker.com, which should offer a lower latency and higher bandwidth option for workloads running inside CERN. To use it, prefix the image with registry.cern.ch/docker.io, so:

docker pull myrepo/myimage:mytag becomes registry.cern.ch/docker.io/myrepo/myimage:mytag

A special case are the default images, where you need to prefix with library, so:

docker pull ubuntu:20.04 becomes docker pull registry.cern.ch/docker.io/library/ubuntu:20.04

Project Access Control With e-groups (under testing)

To allow a group access to the project go to <project> -> Members -> +Group and specify the e-group name and associated Harbor role. As of today there is no validation of e-group names, make sure the value given is correct.

Harbor Groups

⚠ WARNING: Please be aware that only e-groups that have visibility set to 'Open' can be used.

Pushing Singularity Images

If you cannot push singularity images into Harbor, please check and upgrade Singularity version to >3.7.3. If updating singularity is not an option, use ORAS to upload your image by setting the OCI SIF metatype or the pushed image will not be pull-able. :application/vnd.sylabs.sif.layer.v1.sif

Please note that pulling with singularity requires the tag/hash. Singularity cannot resolve "latest" automatically.

Pushing with ORAS:

oras login -u <username> -p <OIDC CLI SECRET> registry.cern.ch
Login Succeeded

oras push registry.cern.ch/iotools/root-f31:latest root-f31.sif:application/vnd.sylabs.sif.layer.v1.sif
Uploading 9e951d68cadb root-f31.sif
Pushed registry.cern.ch/iotools/root-f31:latest
Digest: sha256:3da44d1209efef7b15a963ab211815c330d641076c98b26c28aa7a8f9d92fd51

Pulling natively:

singularity pull oras://registry.cern.ch/iotools/root-f31:latest
INFO:    Downloading oras image

Repositories

By default newly created repositories have a limited quota of 5GB. If you need more space please open a Service Desk ticket.