OCI Registries
The wasmCloud host supports pulling OCI artifacts for components and providers from OCI (Open Container Initiative) registries. These artifacts are not container images, but conform to OCI standards and may be stored on any OCI-compatible registry. See the Packaging page for more details on how the wasmCloud ecosystem uses OCI artifacts for packaging.
Allowing insecure access to a registry
By default wasmCloud will pull all images from a registry over HTTPS. If you need to pull images from a registry that does not have a valid certificate, you can allow wasmCloud to pull images from that registry by setting the WASMCLOUD_OCI_ALLOWED_INSECURE environment variable. For example:
export WASMCLOUD_OCI_ALLOWED_INSECURE='myregistry.example.com'
wash up
You may also include multiple registries in a comma-separated list.
Configuring access to a private registry
In production environments, it's common to pull artifacts from a private registry. wasmCloud hosts can configured to authenticate with a private registry using host configuration. For example, the following environment variables can be used to authenticate to the registry specified with the WASMCLOUD_OCI_REGISTRY option:
export WASMCLOUD_OCI_REGISTRY_USER='myuser'
export WASMCLOUD_OCI_REGISTRY_PASSWORD='myp4$$w0rd'
wash up
Working with multiple registries
Sometimes it's necessary to pull artifacts from multiple private registries. In this case, a config service can be used to provide supplemental configuration, including credentials for multiple OCI registries.