NAME¶
podman-manifest-push - Push a manifest list or image index to a registry
SYNOPSIS¶
podman manifest push [options] listnameorindexname [destination]
DESCRIPTION¶
Pushes a manifest list or image index to a registry.
RETURN VALUE¶
The list image’s ID and the digest of the image’s manifest.
OPTIONS¶
--all¶
Push the images mentioned in the manifest list or image index, in addition to the list or index itself. (Default true)
--authfile=path¶
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS.
The file is created by podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.
Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=path¶
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d) Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--compression-format=gzip | zstd¶
Specifies the compression format to use. Supported values are: gzip, and zstd. The default is gzip unless overridden in the containers.conf file.
--compression-level=level¶
Specifies the compression level to use. The value is specific to the compression algorithm used, e.g. for zstd the accepted values are in the range 1-20 (inclusive) with a default of 3, while for gzip it is 1-9 (inclusive) and has a default of 5.
--creds=[username[:password]]¶
The [username[:password]] to use to authenticate with the registry, if required. If one or both values are not supplied, a command line prompt appears and the value can be entered. The password is entered without echo.
Note that the specified credentials are only used to authenticate against
target registries. They are not used for mirrors or when the registry gets
rewritten (see containers-registries.conf(5)); to authenticate against those
consider using a containers-auth.json(5) file.
--digestfile=Digestfile¶
After copying the image, write the digest of the resulting image to the file.
--format, -f=format¶
Manifest list type (oci or v2s2) to use when pushing the list (default is oci).
--quiet, -q¶
When writing the manifest, suppress progress output
--remove-signatures¶
Don’t copy signatures when pushing images.
--rm¶
Delete the manifest list or image index from local storage if pushing succeeds.
--sign-by=fingerprint¶
Sign the pushed images with a “simple signing” signature using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--sign-by-sigstore=param-file**¶
Add a sigstore signature based on further options specified in a containers sigstore signing parameter file param-file. See containers-sigstore-signing-params.yaml(5) for details about the file format.
--sign-by-sigstore-private-key=path¶
Sign the pushed images with a sigstore signature using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--sign-passphrase-file=path¶
If signing the image (using either --sign-by or --sign-by-sigstore-private-key), read the passphrase to use from the specified path.
--tls-verify¶
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, TLS verification is used. If set to false, TLS verification is not used. If not specified, TLS verification is used unless the target registry is listed as an insecure registry in containers-registries.conf(5)
DESTINATION¶
DESTINATION is the location the container image is pushed to. It supports all transports from containers-transports(5). If no transport is specified, the docker (i.e., container registry) transport is used. For remote clients, including Mac and Windows (excluding WSL2) machines, docker is the only supported transport.
EXAMPLE¶
podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11