Format: <registry>/<repository>:<tag>
<repository>
describes purpose
<tag>
describes variant or version
<repository>:<tag>
is called an image
On Docker Hub: <repository>:<tag>
Official image: alpine:stable
Community image: nicholasdille/insulatr
–
Images consist of layers
Layers improve download performance
Layers enable reusability
Lists layers in the image
Layers are referenced as blobs
References are SHA256 hashed: sha256:...
Contains command used to create layers
Stored as blob
–
Upload image to local registry
Build and push image:
docker run -d -p 5000:5000 registry:2
docker build --tag localhost:5000/hello-world-java .
docker push localhost:5000/hello-world-java
Check layers:
docker history hello-world-java
Analyze layers:
dive hello-world-java
https://github.com/wagoodman/dive
–
Fetch image manifest:
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq
–
Fetch image configuration:
DIGEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq --raw-output '.config.digest'
)
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.container.image.v1+json" \
| jq
–
Fetch digest of last layer:
DIGEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.container.image.v1+json" \
| jq --raw-output '.layers[-1].digest'
)
View layer tarball:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| tar -tvz
–
Verifying a layer digest:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| sha256sum
Calculating a layer’s length:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| wc -c
REST API
No UI
Manage images, layers, configurations
Upload, list, update, delete
Registries are accessed using HTTPS
Insecure registries must be defined expicitly
Accepted insecure registry: 127.0.0.1/8
Image Manifest Specification v2.2
–
Download existing manifest:
MANIFEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json"
)
Upload manifest to new path:
curl http://localhost:5000/v2/hello-world-java/manifests/new \
--request PUT \
--header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" \
--data "${MANIFEST}"
Test new tag:
docker pull localhost:5000/hello-world-java:new