buildah-push(1)

1buildah-push(1)             General Commands Manual            buildah-push(1)
2
3
4

NAME

6       buildah-push  -  Push an image, manifest list or image index from local
7       storage to elsewhere.
8
9

SYNOPSIS

11       buildah push [options] image [destination]
12
13

DESCRIPTION

15       Pushes an image from local storage to a specified  destination,  decom‐
16       pressing and recompessing layers as needed.
17
18

imageID

20       Image stored in local container/storage
21
22

DESTINATION

24       DESTINATION  is  the location the container image is pushed to. It sup‐
25       ports all transports from containers-transports(5)  (see  examples  be‐
26       low).  If  no  transport is specified, the docker (i.e., container reg‐
27       istry) transport is used.
28
29

OPTIONS

31       --all
32
33
34       If specified image is a manifest list or image index, push  the  images
35       in addition to the list or index itself.
36
37
38       --authfile path
39
40
41       Path  of  the  authentication file. Default is ${XDG_\RUNTIME_DIR}/con‐
42       tainers/auth.json. If  XDG_RUNTIME_DIR  is  not  set,  the  default  is
43       /run/containers/$UID/auth.json.  This file is created using using buil‐
44       dah login.
45
46
47       If the authorization  state  is  not  found  there,  $HOME/.docker/con‐
48       fig.json is checked, which is set using docker login.
49
50
51       Note: You can also override the default path of the authentication file
52       by setting the REGISTRY_AUTH_FILE  environment  variable.  export  REG‐
53       ISTRY_AUTH_FILE=path
54
55
56       --cert-dir path
57
58
59       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
60       istry.  The default certificates directory is /etc/containers/certs.d.
61
62
63       --creds creds
64
65
66       The [username[:password]] to use to authenticate with the  registry  if
67       required.   If  one  or  both  values  are not supplied, a command line
68       prompt will appear and the value can be entered.  The password  is  en‐
69       tered without echo.
70
71
72       --digestfile Digestfile
73
74
75       After copying the image, write the digest of the resulting image to the
76       file.
77
78
79       --disable-compression, -D
80
81
82       Don't compress copies of filesystem layers which will be pushed.
83
84
85       --encryption-key key
86
87
88       The [protocol:keyfile] specifies the encryption protocol, which can  be
89       JWE  (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
90       required for image encryption. For  instance,  jwe:/path/to/key.pem  or
91       pgp:admin@example.com or pkcs7:/path/to/x509-file.
92
93
94       --encrypt-layer layer(s)
95
96
97       Layer(s)  to encrypt: 0-indexed layer indices with support for negative
98       indexing (e.g. 0 is the first layer, -1 is the last layer). If not  de‐
99       fined, will encrypt all layers if encryption-key flag is specified.
100
101
102       --format, -f
103
104
105       Manifest  Type  (oci, v2s2, or v2s1) to use when pushing an image. (de‐
106       fault is manifest type of the source image, with fallbacks)
107
108
109       --quiet, -q
110
111
112       When writing the output image, suppress progress output.
113
114
115       --remove-signatures
116
117
118       Don't copy signatures when pushing images.
119
120
121       --rm
122
123
124       When pushing a the manifest list or image index, delete them from local
125       storage if pushing succeeds.
126
127
128       --sign-by fingerprint
129
130
131       Sign the pushed image using the GPG key that matches the specified fin‐
132       gerprint.
133
134
135       --tls-verify bool-value
136
137
138       Require HTTPS and verification of certificates  when  talking  to  con‐
139       tainer  registries (defaults to true).  TLS verification cannot be used
140       when talking to an insecure registry.
141
142

EXAMPLE

144       This example pushes the image specified by the imageID to a  local  di‐
145       rectory in docker format.
146
147
148       # buildah push imageID dir:/path/to/image
149
150
151       This  example  pushes the image specified by the imageID to a local di‐
152       rectory in oci format.
153
154
155       # buildah push imageID oci:/path/to/layout:image:tag
156
157
158       This example pushes the image specified by the imageID to a tar archive
159       in oci format.
160
161
162       # buildah push imageID oci-archive:/path/to/archive:image:tag
163
164
165       This  example  pushes the image specified by the imageID to a container
166       registry named registry.example.com.
167
168
169       # buildah push imageID docker://registry.example.com/repository:tag
170
171
172       This example pushes the image specified by the imageID to  a  container
173       registry  named registry.example.com and saves the digest in the speci‐
174       fied digestfile.
175
176
177       # buildah push --digestfile=/tmp/mydigest imageID docker://registry.ex‐
178       ample.com/repository:tag
179
180
181       This   example   works   like   docker  push,  assuming  registry.exam‐
182       ple.com/my_image is a local image.
183
184
185       # buildah push registry.example.com/my_image
186
187
188       This example pushes the image specified by the  imageID  to  a  private
189       container  registry named registry.example.com with authentication from
190       /tmp/auths/myauths.json.
191
192
193       # buildah push --authfile /tmp/auths/myauths.json imageID docker://reg‐
194       istry.example.com/repository:tag
195
196
197       This  example  pushes  the image specified by the imageID and puts into
198       the local docker container store.
199
200
201       # buildah push imageID docker-daemon:image:tag
202
203
204       This example pushes the image specified by the imageID and puts it into
205       the registry on the localhost while turning off tls verification.
206        #  buildah push --tls-verify=false imageID docker://localhost:5000/my-
207       imageID
208
209
210       This example pushes the image specified by the imageID and puts it into
211       the  registry  on  the localhost using credentials and certificates for
212       authentication.
213        #  buildah  push  --cert-dir  ~/auth  --tls-verify=true  --creds=user‐
214       name:password imageID docker://localhost:5000/my-imageID
215
216

ENVIRONMENT

218       BUILD_REGISTRY_SOURCES
219
220
221       BUILD_REGISTRY_SOURCES,  if set, is treated as a JSON object which con‐
222       tains lists  of  registry  names  under  the  keys  insecureRegistries,
223       blockedRegistries, and allowedRegistries.
224
225
226       When  pushing an image to a registry, if the portion of the destination
227       image name that corresponds to a registry is compared to the  items  in
228       the blockedRegistries list, and if it matches any of them, the push at‐
229       tempt is denied.  If there  are  registries  in  the  allowedRegistries
230       list,  and  the portion of the name that corresponds to the registry is
231       not in the list, the push attempt is denied.
232
233
234       TMPDIR The TMPDIR environment variable allows the user to specify where
235       temporary  files are stored while pulling and pushing images.  Defaults
236       to '/var/tmp'.
237
238

FILES

240       registries.conf (/etc/containers/registries.conf)
241
242
243       registries.conf is the configuration file which  specifies  which  con‐
244       tainer registries should be consulted when completing image names which
245       do not include a registry or domain portion.
246
247
248       policy.json (/etc/containers/policy.json)
249
250
251       Signature policy file.  This defines the trust policy for container im‐
252       ages.   Controls  which container registries can be used for image, and
253       whether or not the tool should trust the images.
254
255