Docker系列(五):私有仓库(二)
Jason
Nov 28, 2017
简介
上一篇讲了使用Registry搭建私有的镜像库,对Registry的管理暂时只能是有API来进行,本篇来介绍使用API管理Registry镜像库。
Registry镜像的管理
1. 镜像查询
前面已经说到过Registry v2需要通过API进行查询, 对于需要证书及鉴权的Registry通过以下方式查询:
$ curl --cacert /etc/docker/certs.d/10.0.2.15\:5000/ca.crt \
--basic --user admin:admin123 \
https://10.0.2.15:5000/v2/_catalog
{"repositories":["registry"]}
可以查看每个镜像的详细信息:
$ curl -i -X GET -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--cacert /etc/docker/certs.d/10.0.2.15\:5000/ca.crt \
--basic --user admin:admin123 \
https://10.0.2.15:5000/v2/registry/manifests/2
HTTP/1.1 200 OK
Content-Length: 1364
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:435db1be85c6c10b2f506516aa14d8c485c1f1bd5f4a941a637808b085f294b6
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:435db1be85c6c10b2f506516aa14d8c485c1f1bd5f4a941a637808b085f294b6"
Date: Thu, 09 Nov 2017 22:09:42 GMT
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 3165,
"digest": "sha256:a07e3f32a779aa924fd47f6797d4d5c93061c50c0eb97d464f08365a3a30200b"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 2385012,
"digest": "sha256:49388a8c9c86a6f56d228954eede699c64fce6c671a989e3e21c391859694645"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 2027027,
"digest": "sha256:e4d43608dd22de7d12f17ae419ce146094e047e1a739d644e3fcb647f9379bdb"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 6265374,
"digest": "sha256:3a41740f900cbba03b223c025f03632db1284d85a696677bca8d6375cdf6040b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 371,
"digest": "sha256:e16ef4b766841014d6a902f034f0f67698bcbebc1b4c36ff3574d3730e79e2ee"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 213,
"digest": "sha256:65f212f7c77805418cb85461d93a522c1bf4eebac73009ccd23ac2159ac33dad"
}
]
}
对于2.3或之前的版本,要使用:指定Accept: application/vnd.docker.distribution.manifest.v2+json头。
2. 镜像删除
对于Registry库中镜像的删除,通过API只能删除镜像的信息,具体的镜像的Layer实际还存在。
$ curl -i -X DELETE -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--cacert /etc/docker/certs.d/10.0.2.15\:5000/ca.crt \
--basic --user admin:admin123 \
https://10.0.2.15:5000/v2/registry/manifests/sha256:435db1be85c6c10b2f506516aa14d8c485c1f1bd5f4a941a637808b085f294b6
HTTP/1.1 202 Accepted
Docker-Distribution-Api-Version: registry/2.0
Date: Fri, 10 Nov 2017 03:46:09 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8
这时查看镜像信息显示为未知镜像:
$ curl -i -X GET -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--cacert /etc/docker/certs.d/10.0.2.15\:5000/ca.crt \
--basic --user admin:admin123 \
https://10.0.2.15:5000/v2/registry/manifests/2
HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Date: Fri, 10 Nov 2017 03:47:51 GMT
Content-Length: 91
{"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown","detail":{"Tag":"2"}}]}
但再次上传相同镜像的时候,所有Layer提示已经存在:
$ docker push 10.0.2.15:5000/registry:2
The push refers to a repository [10.0.2.15:5000/registry]
3c133a51bc00: Layer already exists
a2717186d7dd: Layer already exists
656c7684d0bd: Layer already exists
7683d4fcdf4e: Layer already exists
ef763da74d91: Layer already exists
2: digest: sha256:435db1be85c6c10b2f506516aa14d8c485c1f1bd5f4a941a637808b085f294b6 size: 1364
Docker官方文档中描述的API删除镜像其实是软删除,只是解除信息关联,并没有在真正删除镜像,建议调用API删除成功后到镜像存储目录直接删除该镜像所有信息。
调用删除API之前,在config.yml中需要增加允许删除的配置:
$ vim /etc/docker-distribution/registry/config.yml
... ...
storage:
... ...
delete:
enabled: true
增加配置后重启服务。