LinuxCommandLibrary

crane-copy

Copy container images between registries

TLDR

Copy an image from source to target

$ crane [[cp|copy]] [source] [target]
copy

Copy all tags
$ crane [[cp|copy]] [source] [target] [[-a|--all-tags]]
copy

Set the maximum number of concurrent copies, defaults to GOMAXPROCS
$ crane [[cp|copy]] [source] [target] [[-j|--jobs]] [int]
copy

Avoid overwriting existing tags in target
$ crane [[cp|copy]] [source] [target] [[-n|--no-clobber]]
copy

Display help
$ crane [[cp|copy]] [[-h|--help]]
copy

SYNOPSIS

crane copy [OPTIONS] <SOURCE> <TARGET>

PARAMETERS

-h, --help
    Print detailed help

-v, --verbose
    Enable verbose logging

--platform PLATFORM
    Copy specific platforms (e.g., linux/amd64,linux/arm64); 'all' by default

--overwrite
    Overwrite existing image at TARGET

--insecure
    Allow HTTP/insecure registries

--progress STYLE
    Progress bar style: auto, plain, none (default auto)

--registry-mirror-url URL
    Mirror URL for SOURCE pulls

DESCRIPTION

The crane copy command, part of the lightweight crane CLI tool from Google's go-containerregistry project, efficiently copies OCI-compliant container images from a source registry to a target registry.

It operates by streaming image layers directly between registries without downloading them to local disk, minimizing bandwidth usage and storage needs. This is particularly useful for multi-platform images (e.g., amd64, arm64), as it can copy all or specific architectures in parallel.

SOURCE and TARGET can be specified as repository tags (e.g., docker.io/library/nginx:latest) or digests (e.g., registry.example.com/img@sha256:abc...). Crane handles authentication via standard mechanisms like ~/.docker/config.json.

Key benefits include speed for large images, no Docker daemon requirement, and support for insecure registries or mirrors. It's ideal for CI/CD pipelines, mirroring, or migrating images across providers like Docker Hub, quay.io, or private registries.

CAVEATS

Requires read access to SOURCE and write access to TARGET; auth via Docker config; no built-in parallel for single-platform; large multi-arch copies need good network.

EXAMPLES

crane copy alpine:latest localhost:5000/alpine
crane copy --platform=linux/arm64 docker.io/nginx myreg/nginx
crane copy --overwrite oldreg/img@sha256:abc newreg/img

AUTH NOTES

Uses ~/.docker/config.json or env vars; run crane auth login for private registries.

HISTORY

Introduced in go-containerregistry v0.1.0 (2019) by Google; evolved for OCI 1.0 compliance; widely used in Kubernetes ecosystem for image ops without daemons.

SEE ALSO

crane(1), skopeo(1), regctl(1), docker(1)

Copied to clipboard