获取远程Docker映像的标签 [英] Get labels of remote docker image
问题描述
我试图获取图像的标签而不拉它。
例如:在docker-hub中,使用我的用户名( stavalfi
),回购: projecty
: https://hub.docker.com/v2/repositories/stavalfi/projecty/tags
我想获取所有标签图像。
遵循本指南: https://hackernoon.com/inspecting-docker-images-without-pulling-them-4de53d34a604
和以下内容: https://docs.docker.com/registry/spec/api/#pulling-a-layer
我试图到达: http:// $ REGISTRY_ADDRESS / v2 / $ image / blobs / $ digest
:
出什么问题了?
我不能使用 skopeo
,因为它无法使用HTTP连接(不安全)检查注册表。
您可以在docker清单的第一层中找到标签:
$ repo = stavalfi / k8test-monitoring
$ token = $(curl -s" https://auth.docker.io/token?service = registry.docker.io& scope = repository:$ {repo}:pull" \
| jq -r‘.token’)
$ curl -s -H授权:不记名$ token " https://registry-1.docker.io/v2/$ {repo} / manifests / latest \
| jq .history [0] .v1Compatibility; -r | jq.config.Labels
{
latest-hash: dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457,
latest-tag: 1.3.4
}
更新:v2注册表API有点干净,但是需要再卷曲一次:
$ repo = stavalfi / k8test-monitoring
$ token = $(curl -s" ; https://auth.docker.io/token?service = registry.docker.io& scope = repository:$ {repo}:pull" \
| jq -r'.token')
$摘要= $(curl -s -H接受:application / vnd.docker.distribution.manifest.v2 + json -H授权:Bearer $ token https:// registry -1.docker.io/v2/${repo}/manifests/latest \
| jq .config.digest -r)
$ curl -s -L -H ;接受:application / vnd.docker.distribution.manifest.v2 + json -H授权:承载$令牌 " https://registry-1.docker.io/v2/$ {repo} / blobs / $ digest \
| jq .config.Labels
{
latest-hash: dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457,
最新标签: 1.3.4
}
对于更通用的用例,下面是一个脚本无需下载完整映像即可在docker hub上配置任何公共映像:
#!/ bin / sh
repo = $ {1:-library / ubuntu}
标签= $ {2:-latest}
令牌= $(curl -s" https://auth.docker.io/token?service = Registry.docker.io& scope =存储库:$ {repo}:pull \
| jq -r'.token')
摘要= $(curl -H接受:application / vnd .docker.distribution.manifest.v2 + json \
-H授权:不记名$ token \
-s https://registry-1.docker.io/v2 / $ {repo} / manifests / $ {tag} | jq -r .config.digest)
curl -H接受:application / vnd.docker.distribution.manifest.v2 + json \
-H授权:不记名$ token \
-s -L https://registry-1.docker.io/v2/${repo}/blobs/${digest} | jq。
只需确保包含库官方图片的前缀:
$ ./get-config-v2.sh库/高山3.9
{
架构: amd64,
配置:{
主机名:,
域名:,
用户:,
AttachStdin:false,
AttachStdout:false,
AttachStderr:false,
Tty ;:false,
OpenStdin:false,
StdinOnce:false,
Env:[
PATH = / usr / local / sbin :/ usr / local / bin:/ usr / sbin:/ usr / bin:/ sbin:/ bin;
],
Cmd:[
/ bin / sh
],
ArgsEscaped:true,
Image: sha256:186eda4636e895d982896312666e472a2d62aab1490608701e1b3438ac6649e7,
Volumes null: WorkingDir:,
Entrypoint:null,
OnBuild:null,
Labels:null
},
....
I'm trying to get the labels of an image without pulling it.
For example: in docker-hub, on my username (stavalfi
), in repo: projecty
: https://hub.docker.com/v2/repositories/stavalfi/projecty/tags
I want to get all the labels of this image.
Following this guide: https://hackernoon.com/inspecting-docker-images-without-pulling-them-4de53d34a604
and this: https://docs.docker.com/registry/spec/api/#pulling-a-layer
I tried to reach to: http://$REGISTRY_ADDRESS/v2/$image/blobs/$digest
:
but the result is a 404.
What is the problem?
I can't use skopeo
because it can't inspect registries with an HTTP connection (insecure).
You can find the labels in the first layer of the docker manifest:
$ repo=stavalfi/k8test-monitoring
$ token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
$ curl -s -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/manifests/latest" \
| jq ".history[0].v1Compatibility" -r | jq .config.Labels
{
"latest-hash": "dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457",
"latest-tag": "1.3.4"
}
Update: the v2 registry API is a bit cleaner, but needs one more curl:
$ repo=stavalfi/k8test-monitoring
$ token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
$ digest=$(curl -s -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/manifests/latest" \
| jq .config.digest -r)
$ curl -s -L -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/blobs/$digest" \
| jq .config.Labels
{
"latest-hash": "dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457",
"latest-tag": "1.3.4"
}
For a more generic use case, here's a script to pull the config of any public image on docker hub without downloading the full image:
#!/bin/sh
repo=${1:-library/ubuntu}
tag=${2:-latest}
token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
| jq -r '.token')
digest=$(curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-H "Authorization: Bearer $token" \
-s "https://registry-1.docker.io/v2/${repo}/manifests/${tag}" | jq -r .config.digest)
curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-H "Authorization: Bearer $token" \
-s -L "https://registry-1.docker.io/v2/${repo}/blobs/${digest}" | jq .
Just make sure to include the "library" prefix for official images:
$ ./get-config-v2.sh library/alpine 3.9
{
"architecture": "amd64",
"config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"ArgsEscaped": true,
"Image": "sha256:186eda4636e895d982896312666e472a2d62aab1490608701e1b3438ac6649e7",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
....
这篇关于获取远程Docker映像的标签的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!