Images and Layers


Naming scheme

Format: <registry>/<repository>:<tag>

<repository> describes purpose

<tag> describes variant or version

<repository>:<tag> is called an image

Docker Hub

On Docker Hub: <repository>:<tag>

Official image: alpine:stable

Community image: nicholasdille/insulatr


Images and layers

Images consist of layers

Layers improve download performance

Layers enable reusability


Image Manifest

Lists layers in the image

Layers are referenced as blobs

References are SHA256 hashed: sha256:...

Image configuration

Contains command used to create layers

Stored as blob


Demo: Layers 020_advanced/030_layers

Upload image to local registry

Build and push image:

docker run -d -p 127.0.0.1:5000:5000 registry:2
docker build --tag localhost:5000/hello-world-java .
docker push localhost:5000/hello-world-java

Check layers:

docker history localhost:5000/hello-world-java

Analyze layers:

dive hello-world-java

https://github.com/wagoodman/dive


Demo: Image Manifest 020_advanced/030_layers

Fetch image manifest:

curl http://localhost:5000/v2/hello-world-java/manifests/latest \
  --silent \
  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq

Demo: Image Configuration 020_advanced/030_layers

Fetch image configuration:

DIGEST=$(
  curl http://localhost:5000/v2/hello-world-java/manifests/latest \
    --silent \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
  | jq --raw-output '.config.digest'
)
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
  --silent \
  --header "Accept: application/vnd.docker.container.image.v1+json" \
| jq

Demo: Download image layer 020_advanced/030_layers

Fetch digest of last layer:

DIGEST=$(
  curl http://localhost:5000/v2/hello-world-java/manifests/latest \
    --silent \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
  | jq --raw-output '.layers[-1].digest'
)

View layer tarball:

curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
  --silent \
  --header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| tar -tvz

Demo: Verifying a layer 020_advanced/030_layers

Verifying a layer digest:

curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
  --silent \
  --header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| sha256sum

Calculating a layer’s length:

curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
  --silent \
  --header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| wc -c

Registries

REST API and Image Manifest Specification v2.2

No UI

Manage images, layers, configurations

Upload, list, update, delete

Usage

Registries are accessed using HTTPS

Insecure registries must be defined expicitly

Accepted insecure registry: 127.0.0.1/8


Demo: Registries 020_advanced/030_layers

Tagging images remotely

Download existing manifest:

MANIFEST=$(
  curl http://localhost:5000/v2/hello-world-java/manifests/latest \
    --silent \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json"
)

Upload manifest to new path:

curl http://localhost:5000/v2/hello-world-java/manifests/new \
  --request PUT \
  --header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" \
  --data "${MANIFEST}"