我想将 docker 镜像传输到另一台无法访问注册表的计算机。所以我尝试使用docker save/load
:
➜ ~ docker save k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068 -o test.tar
➜ ~ docker load -i test.tar
Loaded image ID: sha256:17e55ec30….
摘要不匹配。为什么以及我可以使它们相同吗?
最佳答案
当您使用docker load
加载镜像时,它没有带有注册表摘要的RepoDigests
条目。还有很多其他摘要,因此确保您将相同的摘要进行相互比较非常重要。具体来说,图像 ID 是由图像上的配置摘要组成的,它本身唯一地定义了图像,因为它包含完整的配置和层 blob 摘要。这与您用来从注册表中提取的摘要不同,但确实确保图像没有更改:
$ regctl manifest get localhost:5000/library/alpine --platform linux/amd64
Name: localhost:5000/library/alpine
MediaType: application/vnd.docker.distribution.manifest.v2+json
Digest: sha256:a777c9c66ba177ccfea23f2a216ff6721e78a662cd17019488c417135299cd89
Total Size: 2.815MB
Config:
Digest: sha256:0ac33e5f5afa79e084075e8698a22d574816eea8d7b7d480586835657c3e1c8b
MediaType: application/vnd.docker.container.image.v1+json
Size: 1472B
Layers:
Digest: sha256:df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139
MediaType: application/vnd.docker.image.rootfs.diff.tar.gzip
Size: 2.815MB
$ regctl image export localhost:5000/library/alpine:latest@sha256:a777c9c66ba177ccfea23f2a216ff6721e78a662cd17019488c417135299cd89 ./alpine-amd64.tar
$ docker load <alpine-amd64.tar
4fc242d58285: Loading layer [==================================================>] 2.815MB/2.815MB
The image localhost:5000/library/alpine:latest already exists, renaming the old one with ID sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab to empty string
Loaded image: localhost:5000/library/alpine:latest
$ docker inspect localhost:5000/library/alpine:latest
[
{
"Id": "sha256:0ac33e5f5afa79e084075e8698a22d574816eea8d7b7d480586835657c3e1c8b",
"RepoTags": [
"localhost:5000/library/alpine:latest"
],
"RepoDigests": [],
...
如果您计划将大量镜像复制到气隙环境中,则另一个选择是运行您自己的注册表,并使用 regclient、crane 或 skopeo 等工具将镜像传输到其他注册表。例如。对于 regclient,您可以在文件系统上的 ocidir 布局之间进行复制:
$ # export from localhost:5000
$ regctl image copy localhost:5000/library/alpine ocidir://test/alpine -v info
INFO[0000] Copy config digest="sha256:0ac33e5f5afa79e084075e8698a22d574816eea8d7b7d480586835657c3e1c8b" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:cf7b6fa1108a7ad1dfcc61d4e7d7c1b62cd4550ef574df4212d7a8c7a6fada81" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:c319b1fc4ed70b8241a7ce6ac0c4015d354bf5cf8c01eb73c50b6709c0c46e49" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:d378343b49e42a7f34e8c5a63abea857964e5ebc62628e6f9d21dda419f0efc3" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:57fb4b5f1a47c953ca5703f0f81ce14e5d01cf23aa79558b5adb961cc526e320" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:3fb3c9af89a9178a2ab12a1f30d8df607fa46a6f176acf9448328b22d31086a2" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:9981e73032c8833e387a8f96986e560edbed12c38119e0edb0439c9c2234eac9" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:28ca6b2fc07057618ad749d6f6403afde056ed534ba14271d6c9ead8cd1ea136" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:73b28a5955ec7fb46f2cf0434e4901a889f7dda3f8c9ec496300feb256c7eda8" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:24d2ad2d4b14ac9edb48fb580d067884a93067ba026d6e47cd94dbc7d97b80d5" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:1877acf2d48ed8bcb5bd9756a95aca0c077457be7cf4fcef25807f4e9be88db1" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy config digest="sha256:dc95795d85e881384cd236fbe303e7b9b31a65d2c76ec61ab55dba539f27e158" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
INFO[0000] Copy layer layer="sha256:a27b630f446c3da376a30cf610e4bfa6847f8b87c83702c29e72b986f4e52d28" source="localhost:5000/library/alpine" target="ocidir://test/alpine"
$ # import to localhost:5050, could be on another host
$ regctl image copy ocidir://test/alpine localhost:5050/import/alpine -v info
INFO[0000] Copy config digest="sha256:0ac33e5f5afa79e084075e8698a22d574816eea8d7b7d480586835657c3e1c8b" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:cf7b6fa1108a7ad1dfcc61d4e7d7c1b62cd4550ef574df4212d7a8c7a6fada81" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:c319b1fc4ed70b8241a7ce6ac0c4015d354bf5cf8c01eb73c50b6709c0c46e49" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:d378343b49e42a7f34e8c5a63abea857964e5ebc62628e6f9d21dda419f0efc3" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:57fb4b5f1a47c953ca5703f0f81ce14e5d01cf23aa79558b5adb961cc526e320" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:3fb3c9af89a9178a2ab12a1f30d8df607fa46a6f176acf9448328b22d31086a2" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:9981e73032c8833e387a8f96986e560edbed12c38119e0edb0439c9c2234eac9" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:28ca6b2fc07057618ad749d6f6403afde056ed534ba14271d6c9ead8cd1ea136" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:73b28a5955ec7fb46f2cf0434e4901a889f7dda3f8c9ec496300feb256c7eda8" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:24d2ad2d4b14ac9edb48fb580d067884a93067ba026d6e47cd94dbc7d97b80d5" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:1877acf2d48ed8bcb5bd9756a95aca0c077457be7cf4fcef25807f4e9be88db1" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy config digest="sha256:dc95795d85e881384cd236fbe303e7b9b31a65d2c76ec61ab55dba539f27e158" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
INFO[0000] Copy layer layer="sha256:a27b630f446c3da376a30cf610e4bfa6847f8b87c83702c29e72b986f4e52d28" source="ocidir://test/alpine" target="localhost:5050/import/alpine"
运行您自己的注册表的简单命令如下所示:
docker run -d --restart=unless-stopped --name registry \
-e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
-e "REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory" \
-e "REGISTRY_STORAGE_DELETE_ENABLED=true" \
-e "REGISTRY_VALIDATION_DISABLED=true" \
-v "registry-data:/var/lib/registry" \
-p "127.0.0.1:5000:5000" \
registry:2
关于docker - 如何在不更改摘要的情况下移动 Docker 镜像?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72340241/