Thanks to Skopeo, we can easily copy container images from one registry to another.
- List and manage image vulnerabilities and other security information
- Manage the manifests of an image
If you want more information, checkout their documentation.
I wrote a small script that one can use to automate the copy of images.
Before running the script:
- Get OAuth token from https://quay.io/organization/[your-org]?tab=applications
- Change token, namespace, containers and tag (if needed)
- If your docker.io registry requires authentication, you’ll need to run podman login docker.io (–src-creds option could also be used with Skopeo)
- You’ll need to authenticate against your quay.io registry with podman login quay.io (–dest-creds option could also be used with Skopeo)
As you can see, there are 2 unusual things in this script:
- The “curl” creates an empty public image otherwise quay.io would create a private image by default when copying the image with Skopeo. As far as I know, there is no option in quay.io to change the default policy. Of course, remove it if you don’t want your image to be public by default.
- The retry mechanism is to workaround the 500 error that you might get when it provisions a new repository, and it says it already exists (sounds specific to how the registry receives authentication from Skopeo vs Docker CLI).
Enjoy Skopeo & quay.io!