Docker Registry API

Container Registry implements a Docker protocol so that you can push and pull images directly with Docker clients, including the Docker command-line tool.

Google Cloud services that typically integrate with Container Registry, such as Cloud Build and Google Kubernetes Engine, are configured by with default permissions to access repositories in the same project and do not require a separate client.

If you want to interact with Container Registry without the Docker client, we recommend using the gcrane tool. The tool provides:

  • Simple commands that work with Container Registry, Artifact Registry, and other registries.
  • Useful commands for Container Registry and Artifact Registry tasks that do not have an equivalent command in the Google Cloud CLI or the Docker command-line tool, such as listing untagged images or copying images across registry hosts.

If gcrane isn't an appropriate option, you can use the Docker Registry HTTP API.

Authenticating using the Docker Registry HTTP API

If using Docker or the gcrane tool is not an option, you can use the Docker Registry HTTP API.

First, grant the required permissions to your user account. You can then use the Google Cloud CLI to create an access token for requests.

The following example shows the command for listing tags, using my-image as the image and my-project as the Google Cloud project. This example also uses the jq command to filter and format the output returned by requests, but it's optional. The jq tool is included in Cloud Shell.

curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://gcr.io/v2/my-project/my-image/tags/list" | jq ".tags"