LinuxCommandLibrary

crane-registry

Copy container images between registries

TLDR

Serve a registry implementation

$ crane registry serve

Address to listen on
$ crane registry serve --address [address_name]

Path to a directory where blobs will be stored
$ crane registry serve --disk [path/to/store_dir]

Display help for crane registry
$ crane registry [-h|--help]

Display help for crane registry serve
$ crane registry serve [-h|--help]
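
A listen address with an empty host, such as `:5000`, binds every network interface. The wrapper below is an added example (not part of crane or of this page's source) that passes `--address` and `--disk` to `crane registry serve` only after checking that the address is loopback; the function names and return codes are hypothetical, and it assumes the registry is a local test instance that should not be reachable from other hosts.

```sh
#!/bin/sh
# Added example, not part of crane: start `crane registry serve` only on loopback.

# is_loopback_addr HOST:PORT -> 0 if HOST is 127.0.0.0/8, [::1] or localhost.
# "localhost" is assumed to resolve to loopback (the usual /etc/hosts entry).
is_loopback_addr() {
    addr=$1
    case "$addr" in
        \[*\]:*) host=${addr%%\]:*}; host=${host#\[}; port=${addr##*\]:} ;;
        *:*)     host=${addr%:*}; port=${addr##*:}
                 case "$host" in *:*) return 1 ;; esac ;;  # bare IPv6 is ambiguous
        *)       return 1 ;;                               # no port given
    esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -le 65535 ] || return 1
    case "$host" in
        localhost|::1) return 0 ;;
        127.*)
            rest=${host#127.}
            case "$rest" in *[!0-9.]*) return 1 ;; esac    # rejects 127.example.com
            old_ifs=$IFS; IFS=.; set -- $rest; IFS=$old_ifs
            [ $# -eq 3 ] || return 1
            for octet in "$@"; do
                case "$octet" in '') return 1 ;; esac
                [ "$octet" -le 255 ] || return 1
            done
            return 0 ;;
        *) return 1 ;;   # empty host (":5000"), 0.0.0.0, LAN addresses, hostnames
    esac
}

# serve_local_registry HOST:PORT STORE_DIR
# Returns 2 for a non-loopback address, 3 if crane is missing, 4 on mkdir failure.
serve_local_registry() {
    is_loopback_addr "$1" || { echo "refusing non-loopback address: $1" >&2; return 2; }
    command -v crane >/dev/null 2>&1 || { echo "crane not in PATH" >&2; return 3; }
    # A newly created store is mode 0700; an existing directory keeps its mode.
    ( umask 077 && mkdir -p "$2" ) || return 4
    crane registry serve --address "$1" --disk "$2"
}

# Usage: sh serve-local.sh serve 127.0.0.1:5000 ./registry-store
if [ "${1:-}" = "serve" ]; then
    serve_local_registry "${2:-}" "${3:-}"
fi
```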

SYNOPSIS

crane [global-options] command [command-options] [arguments...]

Common registry-related commands include:
  crane copy source-image destination-image
  crane ls registry/repository
  crane pull image-ref local-path
  crane push local-path image-ref
  crane auth login registry-url
  crane manifest image-ref

PARAMETERS

--debug
    Output debug logs to diagnose issues.

--insecure
    Allow insecure registry connections via HTTP or skip TLS verification for HTTPS.

--platform
    Specify a target platform (e.g., linux/amd64) for image operations like pulling or copying.

--allow-nondistributable-artifacts
    For copy command, allows copying layers marked as non-distributable (e.g., Windows base layers).

--format
    Specify the output format for commands like ls or manifest (e.g., json, yaml).

--tag
    For push command, specifies a tag for the image being pushed.

--output
    For pull command, specifies the local path where the image content should be saved.

DESCRIPTION

Crane is a powerful, open-source command-line tool developed by GoogleContainerTools for interacting directly with OCI (Open Container Initiative) container images and registries.
It enables users to perform a wide array of operations without the need for a local Docker or Podman daemon, making it highly efficient for automated workflows and environments where a full container engine is unnecessary.
Key functionalities include copying images between registries, inspecting image manifests and layers, listing repository tags, and performing low-level authentication and image manipulation tasks.
Its design focuses on adherence to the OCI specification, ensuring compatibility and reliability for modern container ecosystems.

CAVEATS

crane is not typically pre-installed with standard Linux distributions and usually requires manual installation (e.g., via Go toolchain or pre-built binaries).
It relies on network access to container registries, and proxy configurations might need specific environment variables to be set.
While highly compatible with OCI specifications, subtle differences in older or non-standard registry implementations might occasionally arise.
Error messages can sometimes be low-level, reflecting the direct interaction with registry APIs, which might require familiarity with OCI concepts.

DAEMONLESS OPERATION

A key advantage of crane is its ability to operate independently of a local Docker or Podman daemon.
This makes it ideal for scripting, CI/CD pipelines, and environments where installing a full container runtime is impractical or undesirable, significantly reducing overhead and dependencies.

OCI COMPLIANCE

crane is built to strictly adhere to the OCI Image Format Specification and Distribution Specification.
This ensures high compatibility with a wide range of modern container registries and allows for robust, predictable interactions with container images, promoting ecosystem interoperability.

TYPICAL USE CASES

Beyond basic image copying, crane is extensively used for tasks like:
  Image Repackaging: Modifying image manifests, adding signatures, or changing platforms.
  Vulnerability Scanning: Extracting image layers for analysis without pulling the full image.
  Registry Mirroring: Efficiently replicating images between different registry instances.
  Supply Chain Security: Verifying image provenance and integrity, and pushing signed artifacts.

HISTORY

crane originated from the go-containerregistry project by GoogleContainerTools.
It was developed to address the need for a lightweight, programmatic, and daemonless way to interact with container registries and OCI images.
Its development has focused on providing precise control over image layers and manifests, which is crucial for modern container supply chain security, image manipulation, and CI/CD automation. It has evolved as a core component in many automated container workflows.

SEE ALSO

  docker(1): General container management and image building.
  podman(1): Daemonless container management, alternative to Docker.
  skopeo(1): Similar tool for copying, inspecting, and deleting container images.
  oras(1): OCI Registry As Storage for arbitrary artifacts.
