PlatformRegistriesDocker

Docker Registry

Push and pull OCI container images from Drok's integrated container registry.

Drok includes an OCI-compliant container registry. Push, pull, and manage container images using Docker, Podman, or any OCI-compatible client.

Authentication

docker login drok.us -u your-username -p $Drok_TOKEN

Or using the Drok CLI:

drok auth docker

This configures Docker's credential store with your Drok authentication.

Pushing Images

Tag your image with the Drok registry prefix and push:

docker build -t drok.us/your-org/my-app:latest .
docker push drok.us/your-org/my-app:latest

Multi-Architecture Images

Push multi-architecture manifests using docker buildx:

docker buildx build \
  --platform linux/amd64,linux/arm64 \
  -t drok.us/your-org/my-app:latest \
  --push .

From Pipelines

# .lehub/pipeline.yml
stages:
  - name: build-image
    steps:
      - name: Build and push
        run: |
          docker build -t drok.us/$ORG/my-app:$CI_COMMIT_TAG .
          docker push drok.us/$ORG/my-app:$CI_COMMIT_TAG
        secrets: [Drok_TOKEN]
    services:
      - name: docker
        image: docker:dind

Pulling Images

docker pull drok.us/your-org/my-app:latest

Image Management

Tags

List tags for an image:

drok package tags your-org/my-app

Garbage Collection

Untagged manifests and unreferenced layers are automatically garbage collected after 7 days. Tagged images are never automatically deleted.

Image Scanning

Container images are scanned for known vulnerabilities on push. Scan results are displayed on the image page in the web interface and available via the API:

drok package scan your-org/my-app:latest

Features

  • OCI Distribution Spec v2 — Full compliance with the OCI distribution specification
  • Multi-architecture support — Manifest lists and image indexes for multi-platform images
  • Layer deduplication — Shared layers are stored once, reducing storage usage
  • Pull-through cache — Optionally cache Docker Hub images to avoid rate limiting
  • Immutable tags — Optionally enforce tag immutability to prevent overwrites
  • Webhook notifications — Trigger webhooks on image push, delete, and scan completion

Storage

Container images are stored on Drok's infrastructure with the same redundancy and availability guarantees as repository data. Layer deduplication typically reduces actual storage usage to 30-50% of the nominal image sizes.

Previous
Cargo Registry
Next
Maven Registry