ibmcloud-cr

Set target region for IBM Cloud Container Registry

$ ibmcloud cr region-set

$ ibmcloud cr [[images|image-list]]

$ ibmcloud cr image-inspect [image]

$ ibmcloud cr [[va|vulnerability-assessment]] [image]

$ ibmcloud cr login

$ ibmcloud cr help

ibmcloud cr <command> [OPTIONS...]

api
    (Deprecated) Displays or sets the registry API endpoint for the current region.

cli-update
    Updates the Container Registry CLI plugin to the latest available version.

gc-status
    Displays the current status of garbage collection in your targeted region.

gc-start
    Initiates a new garbage collection run for the current region to reclaim storage.

gc-cancel
    Cancels an ongoing garbage collection run for the current region.

image-list
    Lists all container images across your IBM Cloud Container Registry namespaces.

image-rm
    Removes one or more specified images from the registry. Use with caution.

image-tag
    Adds an additional tag to an existing image, useful for versioning.

image-inspect
    Displays detailed metadata and configuration information about a specific image.

image-prune
    Removes untagged images or all images from a repository based on age or quantity rules.

namespace-add
    Adds a new namespace to your IBM Cloud account for organizing images.

namespace-list
    Lists all namespaces associated with your IBM Cloud account.

namespace-rm
    Removes an existing namespace and all its contained images. Irreversible operation.

private-service-endpoint
    Manages the enablement or disablement of the private service endpoint for the registry.

quota
    Displays information about your current registry storage usage and quota limits.

region-set
    Sets the current IBM Cloud region for Container Registry operations.

retention-policy-set
    Creates or updates an image retention policy for a specified repository.

retention-policy-get
    Displays the configured image retention policy for a specified repository.

retention-policy-rm
    Removes an existing image retention policy from a repository.

retention-run
    Immediately executes the image retention policy for a specified repository.

va-policy-enable
    Enables the Vulnerability Advisor policy for your account, enforcing scan checks.

va-policy-disable
    Disables the Vulnerability Advisor policy for your account.

va-scan
    Performs a Vulnerability Advisor scan on a specific image and displays results.

The ibmcloud-cr (IBM Cloud Container Registry) command is a crucial plugin for the IBM Cloud CLI, providing a comprehensive set of tools for managing container images, namespaces, and related settings within the IBM Cloud Container Registry service. It empowers users to efficiently list, tag, inspect, and remove container images, as well as manage registry namespaces. Furthermore, it allows for the configuration of retention policies for automated image cleanup, control over Vulnerability Advisor policies, and management of garbage collection processes. This command significantly streamlines the workflow for developers and operators working with Docker images and Kubernetes deployments on IBM Cloud, ensuring secure and efficient management of container artifacts throughout their lifecycle. It is an essential tool for integrating registry operations into CI/CD pipelines.

• The ibmcloud-cr command requires the main ibmcloud CLI to be installed and the user to be logged in to an IBM Cloud account.
• All actions are subject to the user's IBM Cloud IAM (Identity and Access Management) permissions. Ensure you have the necessary roles for the operations you intend to perform.
• Namespace names must be unique across all IBM Cloud users within a given region.
• Deletion commands like namespace-rm and image-rm are irreversible. Exercise extreme caution when using them, as they can lead to data loss.
• Most operations are scoped to the currently targeted IBM Cloud region. Verify your target region using ibmcloud target -r <region> or ibmcloud cr region-set.

The ibmcloud-cr plugin leverages the authentication context established by the main ibmcloud login command. No separate login or authentication is required specifically for the registry plugin; it inherits the user's session from the core CLI.

All container images within IBM Cloud Container Registry must reside within a namespace. Namespaces serve as a fundamental organizational unit, allowing users to group related images, apply access controls, and manage resources efficiently within their account. Creating and managing namespaces is a key aspect of using ibmcloud-cr.

IBM Cloud Container Registry is a regional service. This means that images and namespaces are stored and managed within a specific IBM Cloud region. Operations performed with ibmcloud-cr are always executed within the context of the currently targeted IBM Cloud region, which can be set using ibmcloud target or the ibmcloud cr region-set command.

The ibmcloud-cr command emerged as a dedicated plugin for the IBM Cloud CLI, specifically designed to manage the IBM Cloud Container Registry service. As IBM Cloud expanded its container services, the need for a robust command-line interface for registry interactions became apparent. This plugin architecture allows the core ibmcloud CLI to remain modular while extending its capabilities for specialized services. Its development has closely tracked the evolution of the IBM Cloud Container Registry service, incorporating new features such as enhanced security, advanced image retention policies, and comprehensive garbage collection mechanisms, enabling greater automation and integration into modern CI/CD pipelines for containerized applications.

ibmcloud(1), docker(1), kubectl(1), helm(1)