如何使用公共和私有映像创建docker-compose.yml文件？ [英] How to create a docker-compose.yml file with both public and private images?

问题描述

我正在尝试为工作中的特定开发人员团队创建 docker-compose.yml 文件。我已经将我们的私有映像推送到私有注册表（Azure容器注册表），并且可以正常工作：）

I'm trying to create a docker-compose.yml file for a specific team of developers at work. I've pushed our private images up to a private registry (Azure Container Registry) and that's ok/working :)

下一步，我尝试测试如何获取该特定团队的开发人员将运行 docker-compose 文件，该文件将下拉所有图像，然后将其全部启动。

Next I'm trying to test out how to get the dev's of this particular team to run the docker-compose file which will pull down all the images and then start them all.

我发现开发人员将需要执行以下操作：

I've figured out that the developers will need to do this:

-> docker login -u <admin username of my registry> <domain of the registry>
-> docker-compose pull

这会拉出我的私有映像（从私有注册表ACR），但没有

This pulls down my private images (from ACR the private registry), but not any images in docker hub (the public registry).

• Q1：是否可以混合搭配？


• Q2：还有另一种方法可以使用户成为只读用户。我已经读过一些有关服务帐户的信息，但是确实使人感到困惑，我不知道该怎么做/是否正确

• Q1: Is it possible to mix and match?
• Q2: Is there another way to make a 'user' which is only READONLY. I've read some stuff about service accounts or something but it's really confusing and I have no idea if how to do that/if that's the right way.

这是我的示例 docker-compose 文件的摘要公共和私人图像。请注意我如何尝试完全限定映像域...

Here's a snippet my sample docker-compose file, which contains both public and private images. Do note how I'm trying to fully qualify the image domains...

version: '3.5'

services:

ravendb.data:
  image: hub.docker.com/ravendb/ravendb
  expose: 
    - "8080"
  networks:
    - backend
  container_name: ravendb.data
  labels:
    - "traefik.enable=false"

accounts.api:
  image: <snip>.azurecr.io/<snip>/<snip>
  networks:
<rest all snipped>

推荐答案

Q1-两个问题，有些相关-

Q1 - Two issues, somewhat related -

1. RavenDB image 指令中的Docker Hub注册表FQDN错误- hub.docker.com 是人类可读的网站，公共Docker注册表位于 registry.hub.docker.com 或 index.docker.io （将 v1 附加到那些uri以获得API）。

1. Your Docker Hub registry FQDN is wrong in the RavenDB image directive - hub.docker.com is the human readable website, the public Docker registry resides at registry.hub.docker.com or index.docker.io (append v1 to those uri's to get the API).

您不需要完整的公共注册表FQDN即可从公共注册表中拉取-这是默认设置，如果docker命令在未检测到FQDN的情况下会默认从那里拉取图像名称之前的图像标签。

You don't need the full public registry FQDN to pull from the public registry - its the default, and docker commands will by default pull from there if they don't detect a FQDN in the image tag preceding the image name.

第二季度-我不确定Azure Container Registry的工作方式，但是我如果您无法创建只读用户，将感到惊讶。普通注册表是基于REST的API服务器，可以通过内部设置其权限或通过在反向代理中放置POST / PUT / DELETE和PATCH谓词来控制它，而POST / PUT / DELETE和PATCH谓词需要与GET谓词不同的经过身份验证的用户

Q2 - I'm not sure how Azure Container Registry works, but I'd be astonished if you can't create a readonly user. The normal registry is a REST based API server, and can be controlled either by setting its permissions internally or by putting a reverse proxy in-front of it with the POST/PUT/DELETE and PATCH verbs requiring a different authed user to the GET verb.

这篇关于如何使用公共和私有映像创建docker-compose.yml文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！