Docker公共registry中是否存在图像的规范方法是什么?
我们希望在开始部署之前自动检查公共registry(Docker Hub)中是否存在映像。 使用v1 API,我们只需要查询https://index.docker.io/v1/repositories/gliderlabs/alpine/tags/3.2 。
但现在registry的官方API是v2,在公共registry中检查图像存在的官方方式是什么?
V1
$ curl -i https://index.docker.io/v1/repositories/gliderlabs/alpine/tags/latest HTTP/1.1 200 OK Server: nginx/1.6.2 Date: Tue, 11 Aug 2015 10:02:09 GMT Content-Type: application/json Transfer-Encoding: chunked Vary: Cookie X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 [{"pk": 20307475, "id": "5bd56d81"}, {"pk": 20355979, "id": "511136ea"}]
v2 :
$ curl -i https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest HTTP/1.1 301 MOVED PERMANENTLY Server: nginx/1.6.2 Date: Tue, 11 Aug 2015 10:04:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked X-Frame-Options: SAMEORIGIN Location: https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest/ Strict-Transport-Security: max-age=31536000 $ curl -i https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest/ HTTP/1.1 301 MOVED PERMANENTLY Server: nginx/1.6.2 Date: Tue, 11 Aug 2015 10:04:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked X-Frame-Options: SAMEORIGIN Location: https://registry.hub.docker.com/v2/repositories/gliderlabs/alpine/tags/latest/ Strict-Transport-Security: max-age=31536000 $ curl -i https://registry.hub.docker.com/v2/repositories/gliderlabs/alpine/tags/latest/ HTTP/1.1 200 OK Server: nginx/1.6.2 Date: Tue, 11 Aug 2015 10:04:34 GMT Content-Type: application/json Transfer-Encoding: chunked Vary: Cookie X-Frame-Options: SAMEORIGIN Allow: GET, DELETE, HEAD, OPTIONS Strict-Transport-Security: max-age=31536000 {"name": "latest", "full_size": 5250074, "id": 130839, "repository": 127805, "creator": 152141, "last_updater": 152141, "image_id": null, "v2": false}
我应该坚持v1url,即使它现在是一种不赞成使用或使用v2url,但没有关于它的文件? 如果我使用v2 ,我应该直接使用https://index.docker.io/v1/还是使用https://index.docker.io/v1/并遵循redirect?
上游的download-frozen-image-v2.sh脚本至less应该是一个体面的API例子( https://github.com/docker/docker/blob/6bf8844f1179108b9fabd271a655bf9eaaf1ee8c/contrib/download-frozen-image-v2 .sh#L47-L54 )。
主要的关键是你需要击中registry-1.docker.io而不是index.docker.io ,并且你需要一个来自auth.docker.io ( https://auth.docker)的“token” 。 io / token?service = registry.docker.io&scope = repository:gliderlabs / alpine:pull ),即使您只是请求公共存储库的只读访问权限。 获得该令牌后,您可以使用Authorization标题访问https://registry-1.docker.io/v2/gliderlabs/alpine/manifests/latest , Authorization标头将返回图像的JSON清单或出错404。
token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)" curl -fsSL -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/manifests/$digest"