OCI registries enable teams to acquire and use images and artifacts through a standardized artifact interface. ORAS is a client-side tool
Overview:
- OCI Container Registry
- Build Image Artifact
Create a local OCI Registry with docker:
# Create SSL Certs
$ docker run -d -p 5000:5000 --restart=always --name registry \
    -v /opt/docker-registry/data:/var/lib/registry \
    -v /opt/docker-registry/auth:/auth \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -v /opt/docker-registry/certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry_auth.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/registry_auth.key \
    registry:2
# Test Registry
$ openssl s_client -showcerts -connect kurtisvelarde.com:5000 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
$ oras repo ls --insecure kurtisvelarde.com:5000
--------------------------------------------------
# Build Container Image
# Build Docker test image with apk-tools with a critical vulnerability:
$ cat <<EOF > Dockerfile
FROM alpine:3.1
EOF
Build Test Image:
$ docker build . -t kurtisvelarde.com:5000/asmtut:0.1
Push Image to Server
# Make sure insecure-registries is set, as we are using self-signed certs
# /etc/docker/daemon.json
{
"insecure-registries" : ["kurtisvelarde.com:5000"]
}
$ docker push kurtisvelarde.com:5000/asmtut:0.1
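An `insecure-registries` entry makes the Docker daemon skip certificate verification for that registry and allows fallback to plain HTTP; a self-signed certificate can instead be trusted per registry by placing it at `/etc/docker/certs.d/<host:port>/ca.crt`. The check below is an added example, not part of the original walkthrough: it reports which of those modes applies to a registry. The function name `registry_trust_status` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how the Docker daemon will trust a registry.
#   $1 registry host:port
#   $2 daemon.json path    (default /etc/docker/daemon.json)
#   $3 certs.d directory   (default /etc/docker/certs.d)
registry_trust_status() {
    registry=$1
    daemon_json=${2:-/etc/docker/daemon.json}
    certs_dir=${3:-/etc/docker/certs.d}
    [ -n "$registry" ] || return 2

    # Flatten the JSON and extract the insecure-registries array, one entry per line.
    entries=""
    if [ -r "$daemon_json" ]; then
        entries=$(tr -d '\n\r\t ' < "$daemon_json" |
            sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
            tr ',' '\n' | tr -d '"')
    fi

    # Exact, whole-line match so "host:500" does not match "host:5000".
    if printf '%s\n' "$entries" | grep -Fxq -- "$registry"; then
        echo insecure   # certificate verification is skipped for this registry
    elif [ -s "$certs_dir/$registry/ca.crt" ]; then
        echo pinned     # daemon verifies the registry against this CA file
    else
        echo default    # daemon verifies against the system trust store
    fi
}

# Constructed sample mirroring the daemon.json shown above.
demo=$(mktemp -d)
printf '{\n"insecure-registries" : ["kurtisvelarde.com:5000"]\n}\n' > "$demo/daemon.json"
registry_trust_status kurtisvelarde.com:5000 "$demo/daemon.json" "$demo/certs.d"   # insecure
rm -rf "$demo"
```

Run it with only the registry name to check the live `/etc/docker` paths on a host.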
# View Image Details
$ oras discover --insecure -o tree kurtisvelarde.com:5000/asmtut:0.1