Sta*_*lfi 4 docker docker-registry
我试图在不拉动图像的情况下获取图像的标签。
例如:在 docker-hub 中,在我的用户名 ( stavalfi) 中,在 repo 中projecty:https://hub.docker.com/v2/repositories/stavalfi/projecty/tags
我想获得这张图片的所有标签。
遵循本指南:https : //hackernoon.com/inspecting-docker-images-without-pulling-them-4de53d34a604
和这个:https : //docs.docker.com/registry/spec/api/#pulling-a-layer
我试图到达http://$REGISTRY_ADDRESS/v2/$image/blobs/$digest::
但结果是 404。
问题是什么?
我无法使用,skopeo因为它无法通过 HTTP 连接(不安全)检查注册表。
您可以在 docker manifest 的第一层找到标签:
$ repo=stavalfi/k8test-monitoring
$ token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
$ curl -s -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/manifests/latest" \
| jq ".history[0].v1Compatibility" -r | jq .config.Labels
{
"latest-hash": "dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457",
"latest-tag": "1.3.4"
}
更新:v2 注册表 API 更简洁一些,但还需要一个 curl:
$ repo=stavalfi/k8test-monitoring
$ token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
$ digest=$(curl -s -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/manifests/latest" \
| jq .config.digest -r)
$ curl -s -L -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/blobs/$digest" \
| jq .config.Labels
{
"latest-hash": "dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457",
"latest-tag": "1.3.4"
}
对于更通用的用例,这里有一个脚本可以在不下载完整图像的情况下拉取 docker hub 上任何公共图像的配置:
#!/bin/sh
repo=${1:-library/ubuntu}
tag=${2:-latest}
token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
digest=$(curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-H "Authorization: Bearer $token" \
-s "https://registry-1.docker.io/v2/${repo}/manifests/${tag}" | jq -r .config.digest)
curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-H "Authorization: Bearer $token" \
-s -L "https://registry-1.docker.io/v2/${repo}/blobs/${digest}" | jq .
只需确保包含官方图像的“库”前缀:
$ ./get-config-v2.sh library/alpine 3.9
{
"architecture": "amd64",
"config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"ArgsEscaped": true,
"Image": "sha256:186eda4636e895d982896312666e472a2d62aab1490608701e1b3438ac6649e7",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
....
由于这个答案是先贴,我还创建了regclient其中包括命令regctl。这处理身份验证,允许您配置没有 TLS 或自签名证书的注册表,解析多平台图像,并包括对 Go 模板的支持以提取您想要的特定字段:
$ regctl image config regclient/regsync:latest --format '{{ jsonPretty .Config.Labels }}'
{
"maintainer": "",
"org.opencontainers.image.authors": "Regclient contributors",
"org.opencontainers.image.created": "2021-04-02T18:55:09Z",
"org.opencontainers.image.description": "",
"org.opencontainers.image.documentation": "https://github.com/regclient/regclient",
"org.opencontainers.image.licenses": "Apache 2.0",
"org.opencontainers.image.revision": "5a6a1d95524b9c1c2d38a5af7ab744742f8d55e9",
"org.opencontainers.image.source": "git://github.com/regclient/regclient.git",
"org.opencontainers.image.title": "regsync",
"org.opencontainers.image.url": "https://github.com/regclient/regclient",
"org.opencontainers.image.vendor": "",
"org.opencontainers.image.version": "v0.3.0"
}
| 归档时间: |
|
| 查看次数: |
1501 次 |
| 最近记录: |