Format: <registry>/<repository>:<tag>
<repository>
describes purpose
<tag>
describes variant or version
<repository>:<tag>
is called an image
On Docker Hub: <repository>:<tag>
Official image: alpine:stable
Community image: nicholasdille/insulatr
Images consist of layers
Layers improve download performance
Layers enable reusability
Lists layers in the image
Layers are referenced as blobs
References are SHA256 hashed: sha256:...
Contains command used to create layers
Stored as blob
Upload image to local registry
Build and push image:
docker run -d -p 127.0.0.1:5000:5000 registry:2
docker build --tag localhost:5000/hello-world-java .
docker push localhost:5000/hello-world-java
Check layers:
docker history localhost:5000/hello-world-java
Analyze layers:
dive hello-world-java
https://github.com/wagoodman/dive
Fetch image manifest:
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq
Fetch image configuration:
DIGEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq --raw-output '.config.digest'
)
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.container.image.v1+json" \
| jq
Fetch digest of last layer:
DIGEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
| jq --raw-output '.layers[-1].digest'
)
View layer tarball:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| tar -tvz
Verifying a layer digest:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| sha256sum
Calculating a layer’s length:
curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
--silent \
--header "Accept: application/vnd.docker.image.rootfs.diff.tar.gzip" \
| wc -c
REST API and Image Manifest Specification v2.2
No UI
Manage images, layers, configurations
Upload, list, update, delete
Registries are accessed using HTTPS
Insecure registries must be defined expicitly
Accepted insecure registry: 127.0.0.1/8
Download existing manifest:
MANIFEST=$(
curl http://localhost:5000/v2/hello-world-java/manifests/latest \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json"
)
Upload manifest to new path:
curl http://localhost:5000/v2/hello-world-java/manifests/new \
--request PUT \
--header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" \
--data "${MANIFEST}"