On-Premises Container Registry for OCI/docker and singularity/apptainer

• Admin Documentation: Setup / Configuration / Clients / Quotas
• User Documentation

What Am I

(buckethead) - I can store, retrieve and manage OCI and singularity/apptainer containers in a central library.

Compatible with/re-implementation of the singularity library protocol and the OCI distribution spec.

Features

Hinkskalle is supposed to be lightweight! If you need more (and a more mature system), take a look at https://github.com/singularityhub/sregistry!

• simple container storage on local or network filesystems
• local users + LDAP authentication
• minimal permission system

Singularity+Apptainer

• full library:// protocol (should be compatible to sylabs cloud), including architecture specific tags and signed containers (with public pgp keyserver or additional software)
• shub:// pull only for legacy clients and pipelines
• oras:// protocol support for push and pull (not very well tested)

OCI/docker/podman

• OCI distribution spec compliance for docker and oras (not very well tested)

Clients

We can talk to:

• singularity/apptainer
• docker
• podman
• oras

Also check out the Hinkskalle API + CLI:

• hinkskalle-api

GnuPG Keyserver

Signed and verified images require a central lookup of public keys. singularity provides the keys subcommand to manage your keys, upload them and search for public keys.

Since singularity can talk to any (public or not) keyserver, Hinkskalle does not come with keyserver functionality. Instead you can point it either to any keyserver (see https://sks-keyservers.net/ for a list) or run something like HockeyPuck yourself.

Prerequisites

Hinkskalle requires Python3+. A SQL database server (PostgreSQL, MySQL, …) is recommended, but entirely optional (sqlite is fine).