1buildah-push"1"(June 2017)                          buildah-push"1"(June 2017)
2
3
4

NAME

6       buildah-push - Push an image from local storage to elsewhere.
7
8

SYNOPSIS

10       buildah push [options] image [destination]
11
12

DESCRIPTION

14       Pushes  an  image from local storage to a specified destination, decom‐
15       pressing and recompessing layers as needed.
16
17

imageID

19       Image stored in local container/storage
20
21

DESTINATION

23       The DESTINATION is a location to store container  images.  If  omitted,
24       the source image parameter will be reused as destination.
25
26
27       The  Image  "DESTINATION" uses a "transport":"details" format. Multiple
28       transports are supported:
29
30
31       dir:path
32         An existing local directory path storing the manifest, layer tarballs
33       and  signatures as individual files. This is a non-standardized format,
34       primarily useful for debugging or noninvasive container inspection.
35
36
37       docker://docker-reference
38         An image in a registry implementing the  "Docker  Registry  HTTP  API
39       V2".   By   default,   uses   the  authorization  state  in  $XDG\_RUN‐
40       TIME\_DIR/containers/auth.json, which is set using (buildah login).  If
41       the  authorization  state is not found there, $HOME/.docker/config.json
42       is checked, which is set using (docker login).
43         If docker-reference does not include a registry name, the image  will
44       be pushed to a registry running on localhost.
45
46
47       docker-archive:path[:docker-reference]
48         An  image is stored in the docker save formatted file.  docker-refer‐
49       ence is only used when creating such a file, and it must not contain  a
50       digest.
51
52
53       docker-daemon:docker-reference
54         An  image _dockerreference stored in the docker daemon internal stor‐
55       age. If _dockerreference does not begin with a valid registry  name  (a
56       domain  name  containing "." or the reserved name "localhost") then the
57       default registry name "docker.io" will be  prepended.  _dockerreference
58       must  contain  either  a  tag  or a digest. Alternatively, when reading
59       images, the format can also be docker-daemon:algo:digest (an image ID).
60
61
62       oci:path:tag
63         An image tag in a directory compliant with "Open Container Image Lay‐
64       out Specification" at path.
65
66
67       oci-archive:path:tag
68         An  image  tag  in a tar archive compliant with "Open Container Image
69       Layout Specification" at path.
70
71
72       If the  transport  part  of  DESTINATION  is  omitted,  "docker://"  is
73       assumed.
74
75

OPTIONS

77       --authfile path
78
79
80       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
81       ers/auth.json, which is set using buildah login.  If the  authorization
82       state  is  not found there, $HOME/.docker/config.json is checked, which
83       is set using docker login.
84
85
86       --cert-dir path
87
88
89       Use certificates at path (*.crt, *.cert, *.key) to connect to the  reg‐
90       istry.  Default certificates directory is /etc/containers/certs.d.
91
92
93       --creds creds
94
95
96       The  [username[:password]]  to use to authenticate with the registry if
97       required.  If one or both values  are  not  supplied,  a  command  line
98       prompt  will  appear  and  the  value  can be entered.  The password is
99       entered without echo.
100
101
102       --digestfile Digestfile
103
104
105       After copying the image, write the digest of the resulting image to the
106       file.
107
108
109       --disable-compression, -D
110
111
112       Don't compress copies of filesystem layers which will be pushed.
113
114
115       --format, -f
116
117
118       Manifest  Type  (oci, v2s1, or v2s2) to use when saving image to direc‐
119       tory using the 'dir:' transport (default is manifest type of source)
120
121
122       --quiet, -q
123
124
125       When writing the output image, suppress progress output.
126
127
128       --tls-verify bool-value
129
130
131       Require HTTPS and verify certificates when talking  to  container  reg‐
132       istries (defaults to true)
133
134

EXAMPLE

136       This  example  pushes  the  image  specified  by the imageID to a local
137       directory in docker format.
138
139
140       # buildah push imageID dir:/path/to/image
141
142
143       This example pushes the image specified  by  the  imageID  to  a  local
144       directory in oci format.
145
146
147       # buildah push imageID oci:/path/to/layout:image:tag
148
149
150       This example pushes the image specified by the imageID to a tar archive
151       in oci format.
152
153
154       # buildah push imageID oci-archive:/path/to/archive:image:tag
155
156
157       This example pushes the image specified by the imageID to  a  container
158       registry named registry.example.com.
159
160
161       # buildah push imageID docker://registry.example.com/repository:tag
162
163
164       This  example  pushes the image specified by the imageID to a container
165       registry named registry.example.com and saves the digest in the  speci‐
166       fied digestfile.
167
168
169       #   buildah   push   --digestfile=/tmp/mydigest  imageID  docker://reg‐
170       istry.example.com/repository:tag
171
172
173       This  example  works  like   docker   push,   assuming   registry.exam‐
174       ple.com/my_image is a local image.
175
176
177       # buildah push registry.example.com/my_image
178
179
180       This  example  pushes  the  image specified by the imageID to a private
181       container registry named registry.example.com with authentication  from
182       /tmp/auths/myauths.json.
183
184
185       # buildah push --authfile /tmp/auths/myauths.json imageID docker://reg‐
186       istry.example.com/repository:tag
187
188
189       This example pushes the image specified by the imageID  and  puts  into
190       the local docker container store.
191
192
193       # buildah push imageID docker-daemon:image:tag
194
195
196       This example pushes the image specified by the imageID and puts it into
197       the registry on the localhost while turning off tls verification.
198        #   buildah   push    --tls-verify=false    imageID    docker://local‐
199       host:5000/my-imageID
200
201
202       This example pushes the image specified by the imageID and puts it into
203       the registry on the localhost using credentials  and  certificates  for
204       authentication.
205        #  buildah  push  --cert-dir    /auth  --tls-verify=true --creds=user‐
206       name:password imageID docker://localhost:5000/my-imageID
207
208

ENVIRONMENT

210       BUILD_REGISTRY_SOURCES
211
212
213       BUILD_REGISTRY_SOURCES, if set, is treated as a JSON object which  con‐
214       tains  lists  of  registry  names  under  the  keys insecureRegistries,
215       blockedRegistries, and allowedRegistries.
216
217
218       When pushing an image to a registry, if the portion of the  destination
219       image  name  that corresponds to a registry is compared to the items in
220       the blockedRegistries list, and if it matches any  of  them,  the  push
221       attempt  is  denied.   If there are registries in the allowedRegistries
222       list, and the portion of the name that corresponds to the  registry  is
223       not in the list, the push attempt is denied.
224
225

FILES

227       registries.conf (/etc/containers/registries.conf)
228
229
230       registries.conf  is  the  configuration file which specifies which con‐
231       tainer registries should be consulted when completing image names which
232       do not include a registry or domain portion.
233
234
235       policy.json (/etc/containers/policy.json)
236
237
238       Signature  policy  file.   This  defines the trust policy for container
239       images.  Controls which container registries can be used for image, and
240       whether or not the tool should trust the images.
241
242

SEE ALSO

244       buildah(1),  buildah-login(1),  policy.json(5),  docker-login(1),  reg‐
245       istries.conf(5)
246
247
248
249                                    buildah         buildah-push"1"(June 2017)
Impressum