我们想在开始部署之前自动检查公共(public)注册表(Docker Hub)中是否存在镜像。例如,使用 v1 API,我们只需查询 https://index.docker.io/v1/repositories/gliderlabs/alpine/tags/3.2。
但是现在registry的官方API是v2,那么官方在publicregistry中检查镜像存在的方法是什么?
v1
$ curl -i https://index.docker.io/v1/repositories/gliderlabs/alpine/tags/latest
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 11 Aug 2015 10:02:09 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
[{"pk": 20307475, "id": "5bd56d81"}, {"pk": 20355979, "id": "511136ea"}]
v2:
$ curl -i https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest
HTTP/1.1 301 MOVED PERMANENTLY
Server: nginx/1.6.2
Date: Tue, 11 Aug 2015 10:04:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Location: https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest/
Strict-Transport-Security: max-age=31536000
$ curl -i https://index.docker.io/v2/repositories/gliderlabs/alpine/tags/latest/
HTTP/1.1 301 MOVED PERMANENTLY
Server: nginx/1.6.2
Date: Tue, 11 Aug 2015 10:04:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Location: https://registry.hub.docker.com/v2/repositories/gliderlabs/alpine/tags/latest/
Strict-Transport-Security: max-age=31536000
$ curl -i https://registry.hub.docker.com/v2/repositories/gliderlabs/alpine/tags/latest/
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 11 Aug 2015 10:04:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Allow: GET, DELETE, HEAD, OPTIONS
Strict-Transport-Security: max-age=31536000
{"name": "latest", "full_size": 5250074, "id": 130839, "repository": 127805, "creator": 152141, "last_updater": 152141, "image_id": null, "v2": false}
我是否应该坚持使用 v1 网址,即使它现在已被弃用或使用 v2 网址但没有关于它的文档?如果我使用 v2,我应该直接使用 https://registry.hub.docker.com/v2/ 还是仍然使用 https://index.docker .io/v1/ 并遵循重定向?
最佳答案
Upstream 的 download-frozen-image-v2.sh 脚本至少应该是一个不错的 API 示例(https://github.com/docker/docker/blob/6bf8844f1179108b9fabd271a655bf9eaaf1ee8c/contrib/download-frozen-image-v2.sh#L47-L54)。
主要的关键是你需要点击 registry-1.docker.io 而不是 index.docker.io,并且你需要一个 "来自 auth.docker.io ( https://auth.docker.io/token?service=registry.docker.io&scope=repository:gliderlabs/alpine:pull ) 的 token ”,即使您只是请求对公共(public)存储库的只读访问。获得该 token 后,您可以使用 Authorization header 点击 https://registry-1.docker.io/v2/gliderlabs/alpine/manifests/latest这将返回图像的 JSON list ,或者返回 404 错误。
token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
curl -fsSL -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/manifests/$digest"
关于docker - 查看 docker 公共(public)注册表中是否存在图像的规范方法是什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31933445/