% kpod(1) kpod-push - Push an image from local storage to elsewhere % Dan Walsh
kpod push - Push an image from local storage to elsewhere
kpod push [options [...]] imageID [destination]
Pushes an image from local storage to a specified destination, decompressing and recompressing layers as needed.
Image stored in local container/storage
The DESTINATION is a location to store container images The Image "DESTINATION" uses a "transport":"details" format.
Multiple transports are supported:
dir:path An existing local directory path storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
docker://docker-reference
An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in $XDG_RUNTIME_DIR/containers/auth.json, which is set e.g. using (kpod login).
docker-archive:path[:docker-reference]
An image is stored in the docker save formatted file. docker-reference is only used when creating such a file, and it must not contain a digest.
docker-daemon:docker-reference An image docker-reference stored in the docker daemon internal storage. docker-reference must contain either a tag or a digest. Alternatively, when reading images, the format can also be docker-daemon:algo:digest (an image ID).
oci-archive:path:tag An image tag in a directory compliant with "Open Container Image Layout Specification" at path.
ostree:image[@/absolute/repo/path] An image in local OSTree repository. /absolute/repo/path defaults to /ostree/repo.
--authfile
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
--creds="CREDENTIALS"
Credentials (USERNAME:PASSWORD) to use for authenticating to a registry
cert-dir="PATHNAME"
Pathname of a directory containing TLS certificates and keys
--disable-compression, -D
Don't compress copies of filesystem layers which will be pushed
--quiet, -q
When writing the output image, suppress progress output
--remove-signatures
Discard any pre-existing signatures in the image
--signature-policy="PATHNAME"
Pathname of a signature policy file to use. It is not recommended that this option be used, as the default behavior of using the system-wide default policy (frequently /etc/containers/policy.json) is most often preferred
--sign-by="KEY"
Add a signature at the destination using the specified key
--tls-verify
Require HTTPS and verify certificates when contacting registries (default: true)
This example extracts the imageID image to a local directory in docker format.
# kpod push imageID dir:/path/to/image
This example extracts the imageID image to a local directory in oci format.
# kpod push imageID oci-archive:/path/to/layout:image:tag
This example extracts the imageID image to a container registry named registry.example.com
# kpod push imageID docker://registry.example.com/repository:tag
This example extracts the imageID image and puts into the local docker container store
# kpod push imageID docker-daemon:image:tag
This example pushes the alpine image to umohnani/alpine on dockerhub and reads the creds from the path given to --authfile
# kpod push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
Getting image source signatures
Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
4.03 MB / 4.03 MB [========================================================] 1s
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
1.41 KB / 1.41 KB [========================================================] 1s
Writing manifest to image destination
Storing signatureskpod(1), kpod-pull(1), crio(8), crio.conf(5)