Skip to content
LEF LEF Docs
GitHubLinkedIn

Container Registry

Overview

Section titled “Overview”

This page documents the standard workflow for building and publishing images to the internal registry.

Entry points

Section titled “Entry points”
  • Registry: registry.coragem.app

Where it runs

Section titled “Where it runs”

Access & security notes

Section titled “Access & security notes”
  • Podman installed (podman, optional buildah).
  • Registry credentials available in the password manager (don’t store tokens in repos).
  • If the registry uses an internal CA, your host must trust it (see Certificate authority (CA)).

Operational notes

Section titled “Operational notes”

Build an image

Section titled “Build an image”

Use podman build (or buildah bud) in the image directory:

cd my-image-dir
podman build -t lef/myimage:latest .

You can also version it:

podman build -t lef/myimage:1.0.0 .

Tag for the registry

Section titled “Tag for the registry”

Point the tag at your registry:

podman tag lef/myimage:1.0.0 registry.coragem.app/lef/myimage:1.0.0
podman tag lef/myimage:1.0.0 registry.coragem.app/lef/myimage:latest

Push

Section titled “Push”

Push one or multiple tags:

podman push registry.coragem.app/lef/myimage:1.0.0
podman push registry.coragem.app/lef/myimage:latest

If you hit TLS errors, the registry CA likely isn’t trusted yet.

Clean up old tags (registry-side)

Section titled “Clean up old tags (registry-side)”

Registry cleanup depends on registry configuration (delete support + garbage collection). Do not delete tags unless you know they aren’t referenced by running services.

List repositories:

Section titled “List repositories:”
curl -s -u "{user}:{token}" -k https://registry.coragem.app/v2/_catalog | jq

List tags in a repo:

Section titled “List tags in a repo:”
curl -s -u "{user}:{token}" -k https://registry.coragem.app/v2/lef/myimage/tags/list | jq

Get manifest digest for a tag:

Section titled “Get manifest digest for a tag:”
curl -I -s -H "Accept: application/vnd.oci.image.manifest.v1+json" \
  -u "{user}:{token}" -k \
  https://registry.coragem.app/v2/lef/myimage/manifests/1.0.0

Look for:

docker-content-digest: sha256:....

Delete tag (not always supported by default):

Section titled “Delete tag (not always supported by default):”
curl -X DELETE -u "{user}:{token}" -k \
  https://registry.coragem.app/v2/lef/myimage/manifests/sha256:...

Then run garbage collect:

podman exec -it registry registry garbage-collect /etc/docker/registry/config.yml

Ensure "delete: enabled: true" is in your registry config.

Remove local images (optional)

Section titled “Remove local images (optional)”
podman rmi lef/myimage:1.0.0

Tagging guidance

Section titled “Tagging guidance”
  • Tag latest explicitly only when you truly want “latest” behavior.
  • Prefer immutable version tags for deployments.
  • Keep tag history small unless a project requires longer retention.

Known risks / failure modes

Section titled “Known risks / failure modes”
  • TLS errors: host doesn’t trust the registry CA.
  • HTTP 401/403: wrong credentials/token or missing permissions.
  • HTTP 413: reverse proxy client_max_body_size is too small for large layers.
  • Delete doesn’t work: registry deletion not enabled or GC not run.
Section titled “Related”
Infra services Technical: runtime Containers as a Service Certificate authority (CA)