Hello. Welcome to this demo on managing what I call Cloud infrastructure registry, also known as Container Registry. I'm Mahendra Mehra and I am a Senior Training Lead and Evangelist with Oracle University. As part of this demo, I'll be showing you how to create a container registry on the OCIR platform. I will then show you how to push an image from your Docker client to those OCIR registry. We will also see how to pull an image from the OCIR registry to your local machines. We will then browse through the OCIR, our dashboard in order to see information about images that we have pushed onto the registry. We will also browse through the different options that we have available on the OCIR dashboard in order to manage images that are present in the container registry. Let's get started. I have logged in into my OCI console and to tell you the user account using which I'll be performing the demo is part of the administrators group. In case you are trying to shadow these demos, make sure that the users you are using to run this demo had the required policies granted to them. As part of managing OCIR are the first step is to create Container Registry. In order to create the container registry, let's click on the "Hamburger menu", go to the developer service, and under the developer services we'll see containers and artifacts. Here you must select the Container Registry Service. Click on the "Container Registry Service", and it will bring you to the Container Registry page. Make sure on the left-hand side, within the compartment selector, you select the appropriate compartment where you wish to manage your container registry resources. For me, it is the OCIR-OKE-DEMO compartment where I will be creating all my resources. Click on the "Create repository button" to start creating repository. On the pop-up, give you a repository a name. Make sure that the name you enter must be unique across all compartments and then diet and NT, and avoid entering confidential information. I have named my repository as OCIR-demo. Now, you can choose from the options whether you want to have your repository as private repository or you want it to be a public repository. You can only make the new repository republic if you belong to the tendencies administrator group or you have been granted repository managed permission. If you make the new repository republic end-user with Internet access and the knowledge of appropriate URL, will be able to pull images from your repository. If we make the repository private, you along with other users belonging to the tendencies administrators group, will be able to perform any operation on your repository. Let me go ahead with the default that is private access and click on "Create Repository." As you can see, my repository has been created and access granted to the repository is private. Repository also has been assigned a unique identifier and currently it holds no image, so the size indicates zero. The another option that you have, if you want to automatically create new private repositories in the tenancy's root compartment whenever a docker push command runs, don't include the name of the repository in the docker push command. To have such settings, click on the "Settings button" on the right-hand side of the page. By enabling this option, if you push an image and the command includes the name of a repository that doesn't already exist. A new private repository is created automatically. But if you wish to push images into existing repositories, then you must unselect this option. I will leave it to default, and let's go back to the Container Registry homepage. Now that we have created a repository within our Container Registry, it's time to push image into our registry OCI demo. The first step in this process is to generate an Auth token. In order to generate the Auth token, click on the Profile menu. Go to the User Settings, scroll down in the user detail page, and within the resources click on the "Auth tokens". As you can see, I already have an Auth tokens created. Let me quickly show you how to create one. Click on "Generate token" give you a token or description and click on "Generate token." The token is generated. You must click on the "Copy link "and save your token somewhere. Now that we have generated the Auth token, let's open into our Docker client machine. I will be using the Cloud Shell in order to manage all the Docker client operations. Let me fire up my Cloud Shell. I will use the Docker login command to login into the Container registry. Well, as you can see from the command, I'm using the region key for the region where I'm currently operating in, followed by ocir.io. As you can see, the region selected for me is US West Phoenix region. The region code for US West Phoenix region is phx. You can check out the region code for your region within the [inaudible] documentation. Let me go ahead and hit "Enter" it'll ask you for your username. The format of your username must be your tenancy namespace/your username. I'll go ahead and hit "Enter". Then it asks you for a password, you need to provide the Auth token that degenerated. Let me go ahead and enter "my Auth token". It says login succeeded, which means I have logged in into my OCIR Container Registry. Now it's time to push images that are available on my local machine onto the container registry. Let me quickly check the local images that are present on this machine. The following image is present in my local machine. Let me push this image which I earlier pushed into my Docker Hub Registry to the repository in my container registry. In order to do so, I'll have to first add the source image. In order to tag the source image, you use the Docker tag command. As you can see on the screen, I'm using the Docker tag command to create copy of the original image as a new image. The new image is actually just a reference to the existing original image. As a name or tag for the new image, you specify the fully qualified path to the target location in the container registry where you wish to push the image. If you closely look at the target tag, the target tag starts with the region key/separated by the tenancy namespace, and/separated by the repository name, colon, the tag name that is to give to that image. I will just go ahead and run this Docker tag command and the command executed successfully. Let me quickly do a docker images to check whether the new image has been created with the new tag. As you can see, the new image has been created. Basically this image is referencing to the original image that was created. As you can see, the image IDs are the same. Well, that said, now we just need to push the newly-created tagged image onto the container registry. To do that, we need to run the docker push command followed by the image name, which represents the target tag. Well, the push operation has completed successfully. Now, let's go back to the container registry dashboard and see whether we have this image present in the container registry. Let me refresh this page. As you can see, I have the image being shown up on the container registry. Within our repository OCI demo, the tag is v1, and the total utilized space for this image is 52.75 MB. To know more about the image that we have posed, we can click on this image, and it will populate the details of the image. For example, date created a minute ago. The repository in which it lies, is the OCI demo, the complete size of the image. The image was pushed by which user. You can also see the different layers within that image. If you click on the "Layers tab", you can see all the layers within the image. You can also see the associated tags. Currently, the tag that is associated to this image is v1. You can also use this image filter to toggle between tagged and, and untagged images. If I click on "Untagged", it will show me all the images that are untagged. Currently, there are no images in this repository which are untagged. Similarly, if I uncheck this, it will is show me all the tagged images. Now it's time to go to the Cloud Shell and try the docker pull operation in order to pull the image from the container registry. Before I pull the image from the container registry, I'll first delete all the existing images in my local machine. I'm using the darker RMI command with the force flag in order to delete the image from the local repository. My images are deleted, let me quickly check using the docker images command. The images are gone. Let me pull the same image from the container registry, which I pushed a while ago. In order to pull the image, we use the docker pull command, followed by the complete path of the image in the container registry. Using the docker pull command and giving the complete path of the image in my container registry, I'll be pulling this image back on my local machine. The pull has completed successfully. Using the docker images command, I'll cross-check whether the image exist. As you can see, the image has been pulled from the container registry on the OCI platform. If you no longer need an old image, you can delete the image, click on the "Image", and go to the Actions menu, where you have an option to delete the image. Click on "Delete Image", and it will ask you for confirmation to delete the image. Remember, you can undelete an image you have previously deleted for up to 48 hours after you have deleted it. After that time, they may just permanently removed from the container registry. When you want to clean up the list of images in a repository without actually deleting the images, you can remove the tags from the images in the container registry. To remove the tag, you can click on the "Action menu" and click on the "Remove tag" option. When you click on the Remove tag option, it'll ask you for a conformation if you wish to untag this image. Untagging does not mean that you are deleting the image. But this manual process of deleting unwanted images can be a little troublesome. There's a better approach to delete images, which you no longer need. That approach is to set the image retention policies. In order to set the image retention policies, you can go to the Settings option, verifying the image retention policies under the resources section on the left. I'll click on the "Image Retention Policies", it will take us to the image retention policies page where you see there are two types of policies. One is the global image retention policy. A policy applied within the global image retention policy applies to all repositories in the region unless it is explicitly overridden by one or more custom image retention policies. By default, the global image retention policy is set to retain all images. You can click on the "Edit Global Policy" and you can modify the policy as per your requirement. There are different criterias to choose from. For example, you can select to delete any images that haven't been pulled in the specified number of days, or you can select a criteria where the images that haven't been tagged in a specified number of days. You can also specify a comma-separated list of tags that you wish to exempt from deletion. Like I said, you can also write image retention policies which will override the global image retention policy. In order to create custom image retention policies, you have to click on the "Create Policy" button on the right. When you click on the "Create Policy button", it pops up a window where it asks you for a policy name and the different criterias you wish to choose from. Give policy a name. Let's say, so I have given the policy a name custom-ocir, and let's say I want to delete those images which haven't been pulled, for let's say 10 days, and let's click on "Save Setting." Then the page gives you an option to add repositories within your container registry to add to the custom image retention policies. When you click on the "Add Repository," it will drop down all the repositories which are present within your container registry. For me, currently within this compartment, there's only one registry which is OCI demo, so I'll select that. In the list, the OCI demo repository has been updated. Remember, there is an orderly process that checks images against the selection criteria that we have defined. If it finds any image that meets the selection criteria, they are automatically deleted. With this, we come to the end of this demo on managing OCIR. I hope you like the demo. Thanks for watching.
