在执行 docker push 或拉取镜像时,Docker 如何确定镜像名称中是否存在注册表服务器,或者它是否是默认注册表上的路径/用户名(例如 Docker集线器)?
我从 1.1 image specification 看到以下内容:
Tag
A tag serves to map a descriptive, user-given name to any single image ID. Tag values are limited to the set of characters [a-zA-Z_0-9].
Repository
A collection of tags grouped under a common prefix (the name component before :). For example, in an image tagged with the name my-app:3.1.4, my-app is the Repository component of the name. A repository name is made up of slash-separated name components, optionally prefixed by a DNS hostname. The hostname must follow comply with standard DNS rules, but may not contain _ characters. If a hostname is present, it may optionally be followed by a port number in the format :8080. Name components may contain lowercase characters, digits, and separators. A separator is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator.
对于 DNS 主机名,它是否需要完全限定为点,或者“my-local-server”是否是有效的注册表主机名?对于名称组件,我认为句点是有效的,这意味着“team.user/appserver”是一个有效的图像名称。如果注册服务器在端口 80 上运行,因此镜像名称中的主机名不需要端口号,则主机名和注册服务器上的路径之间似乎存在歧义。我很好奇 Docker 是如何解决这种歧义的。
最佳答案
TL;DR:主机名必须包含 . dns 分隔符、: 端口分隔符或第一个 /。否则,代码假定您需要默认注册表 Docker Hub。
在对代码进行了一些挖掘之后,我发现了 distribution/distribution/reference/reference.go带有以下内容:
// Grammar
//
// reference := name [ ":" tag ] [ "@" digest ]
// name := [hostname '/'] component ['/' component]*
// hostname := hostcomponent ['.' hostcomponent]* [':' port-number]
// hostcomponent := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
// port-number := /[0-9]+/
// component := alpha-numeric [separator alpha-numeric]*
// alpha-numeric := /[a-z0-9]+/
// separator := /[_.]|__|[-]*/
//
// tag := /[\w][\w.-]{0,127}/
//
// digest := digest-algorithm ":" digest-hex
// digest-algorithm := digest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]
// digest-algorithm-separator := /[+.-_]/
// digest-algorithm-component := /[A-Za-z][A-Za-z0-9]*/
// digest-hex := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
它的实际实现是通过 distribution/distribution/reference/regexp.go 中的正则表达式。 .
但是通过一些挖掘和戳,我发现除了该正则表达式之外还有另一个检查(例如,如果您不包含 . 或 :)。我在 distribution/distribution/reference/normalize.go 中追踪了名称的实际拆分为以下内容:
// splitDockerDomain splits a repository name to domain and remotename string.
// If no valid domain is found, the default domain is used. Repository name
// needs to be already validated before.
func splitDockerDomain(name string) (domain, remainder string) {
i := strings.IndexRune(name, '/')
if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
domain, remainder = defaultDomain, name
} else {
domain, remainder = name[:i], name[i+1:]
}
if domain == legacyDefaultDomain {
domain = defaultDomain
}
if domain == defaultDomain && !strings.ContainsRune(remainder, '/') {
remainder = officialRepoName + "/" + remainder
}
return
}
对我来说重要的部分是在第一个 之前检查 在第一个 if 语句中。有了它,主机名从第一个 .、: 或主机名 localhost// 之前分离出来,没有它,整个名称将传递给默认的注册表主机名。
关于docker - Docker 镜像名称是如何解析的?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37861791/