Tuesday, June 6, 2023
Home AUTOMATION Skopeo: Master Management Tool of Container Images and Registries

Skopeo: Master Management Tool of Container Images and Registries

Skopeo: Master Management Tool of Container Image and Registries

What is Skopeo?

Skopeo is a tool to manage and distribute container images. It can work also between different image registries. For example, you can copy container images from public registries such as quay.io and docker.io to your local registry or vice versa. Even, it is possible to move them directly into a Docker daemon. Red Hat has developed Skopeo as an accompanying tool for Buildah, Podman, and CRI-O. Remarkably, it does not necessarily require root privileges and a daemon process. However, you can only use Skopeo on Linux systems for now. There is no Windows version, yet you can use Skopeo inside a container. 

Differences with Docker Image Command

Skopeo gives you flexibility by allowing you to work with a wide variety of images and repository types. Using Skopeo CLI, you can operate on container registry, container storage, local file system, Docker archive, Docker daemon, and local directory with OCI formatting efficiently.

One of the striking features of Skopeo is the advanced usage of the inspect command set. Containers certainly make our life easier by building and installing applications. We often need their metadata. Therefore, it is crucial to easily access valuable information such as Digests and Layers. Yet, querying container metadata is sometimes challenging.

Docker Image vs. Skopeo

Docker has some pretty limited functionality for this issue. It would help if you used docker pull command first and downloaded images to the local machine to access container metadata.  However, skopeo inspect does its job without downloading the container image to your locale. Just identify the container format, the location of the registry, and the repository/image. It is a much better solution than having to run docker image pull IMAGE_NAME ; docker image inspect IMAGE_NAME.

Besides inspecting metadata of remote repositories, Skopeo enables users to perform various operations. It includes copying and deleting images from an image repository, signing and converting images across different formats, or syncing remote registries. Skopeo could also deal with credentials and authentication successfully when required by the repository.

Basic Operations

Inspect

Examines a repository on a container registry and fetches images layers. Output can be in JSON format (default) or raw format.

$ skopeo inspect docker://registry.fedoraproject.org/fedora:latest
{
    "Name": "registry.fedoraproject.org/fedora",
    "Digest": "sha256:655721ff613ee766a4126cb5e0d5ae81598e1b0c3bcf7017c36c4d72cb092fe9",
    "RepoTags": [
        "24",
        "25",
        "26-modular",
	...
    ],
    "Created": "2020-04-29T06:48:16Z",
    "DockerVersion": "1.10.1",
    "Labels": {
        "license": "MIT",
        "name": "fedora",
        "vendor": "Fedora Project",
        "version": "32"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": [
        "sha256:3088721d7dbf674fc0be64cd3cf00c25aab921cacf35fa0e7b1578500a3e1653"
    ],
    "Env": [
        "DISTTAG=f32container",
        "FGC=f32",
        "container=oci"
    ]
}

Copy

Copies container images between various storage mechanisms, including registry, storage, local directory, and OCI-Layout directories.

$ skopeo copy docker://quay.io/buildah/stable docker://registry.internal.company.com/buildah
$ skopeo copy oci:busybox_ocilayout:latest dir:existingemptydirectory

Delete

$ skopeo delete docker://localhost:5000/imagename:latest

Sync

$ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb

Login (Authenticating)

Skopeo supports various ways to specify credentials. Let’s use --creds flag directly.

$ skopeo inspect --creds=testuser:testpassword docker://myregistrydomain.com:5000/busybox
{"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
$ skopeo copy --src-creds=testuser:testpassword docker://myregistrydomain.com:5000/private oci:local_oci_image

Conclusion

Skopeo is a worldwide application that moves container images. It seems to be an indispensable tool along with Podman and Buildah in CI/CD systems. Especially, it is valid for keeping container registries up-to-date and loading up container storage to several container servers.


**It was created by using the content of the website: https://github.com/containers/skopeo.

Mustafa Gonen
DevOps engineer, helps companies to balance their needs throughout the software development life cycle, from coding and deployment to maintenance and updates by automation. He believes the beauty of diversity. Working in DevOps culture and being a part of this harmony makes him highly motivated and satisfied.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Popular

How to query EC2 tags from within the instance?

Intro To help you manage your instances, images, and other Amazon EC2 resources, you can assign your own...

How to install Python3 on Amazon Linux 2?

Intro Python is an object-oriented programming language that is widely used. In addition to that, it's free and...

How to connect an AWS EC2 instance with FileZilla and do SFTP?

Intro EC2 is one of the essential services of Amazon Web Services (AWS), providing highly available and scalable...

How to install AWS CLI v2 on Linux?

Intro Whether you’ve been using AWS for some time or you are a novice, you may have noticed...

Recent Comments