如何使用 HTTP API 从 gcr.io Docker Registry 列出图像和标签? [英] How to list images and tags from the gcr.io Docker Registry using the HTTP API?

问题描述

我正在尝试从 Node.js 中的 Google Container Registry (gcr.io) 获取可用图像及其标签的列表.

I'm trying to fetch a list of available images and their tags from Google Container Registry (gcr.io) in Node.js.

我首先使用 google-auto-auth 选择范围为 https://www.googleapis.com/auth/devstorage.read_write 的令牌，然后我将该令牌交换为 gcr.io 令牌，如下所示:

I first use google-auto-auth to optain a token with scope https://www.googleapis.com/auth/devstorage.read_write, and I exchange that token for a gcr.io token like so:

axios.get('https://gcr.io/v2/token?service=gcr.io', {
  auth: {
    username: '_token',
    password: token // token I got from `google-auto-auth`
  }
})

然后我尝试使用它来调用 v2/_catalog 端点:

I then try to use this to call the v2/_catalog endpoint:

axios.get('https://gcr.io/v2/_catalog', {
  headers: {
    Authorization: `Bearer ${gcrToken}`
  }
})

我收到以下错误:

{ 
  errors: [ { code: 'DENIED', message: 'Failed to retrieve projects.' } ] 
}

公平，它必须需要我的项目 ID，但我应该在哪里提供它?

Fair enough, it must require my project ID, but where am I supposed to provide it?

只是为了看看我是否可以让其他任何东西工作，我尝试了:

Just to see if I could get anything else working, I tried:

axios.get('https://gcr.io/v2/my-project-id/my-image/tags/list', {
  headers: {
    Authorization: `Bearer ${gcrToken}`
  }
})

我得到以下回复:

{ 
  errors: [ 
    { 
      code: 'NAME_INVALID', 
      message: 'Requested repository does not match bearer token resource: my-project-id/my-image' 
    } 
  ] 
}

如何从 gcr.io 读取图片信息?

How can I read image info from gcr.io?

推荐答案

在与 GCR 的 Jon Johnson 广泛沟通后，我们终于弄清楚出了什么问题.如果您对这个答案投了赞成票，请也投给 Jon 的票，他竭尽全力解决了这个问题.

After extensive communication with Jon Johnson from GCR, we finally figured out what was wrong. If you upvote this answer, please upvote Jon's as well, he went above and beyond to get this issue resolved.

在撰写本文时，大部分内容都没有记录.

Most of this stuff is undocumented as of this writing.

• 需要使用 registry:catalog:* 范围.
• 我的图像被推送到 us.gcr.io，他们将它们视为单独的注册表 - 我认为它们是镜像.
• 服务帐号必须在 Google Cloud IAM 中具有 Project Viewer 角色.
• 您可以使用 GCR 令牌以及 Google Cloud 令牌.但是，虽然 GCR 令牌不能与 Basic base64(_token:) 一起使用，但 Google Cloud 令牌可以.

• need to use the registry:catalog:* scope.
• my images were pushed to us.gcr.io, and they treat them as separate registries — I thought they were mirrors.
• the service account must have the Project Viewer role in Google Cloud IAM.
• you can use a GCR token, as well as a Google Cloud token. However while the GCR token cannot be used with Basic base64(_token:<token>), the Google Cloud token can.

获取 GCR 令牌

// Updated host
axios.get('https://us.gcr.io/v2/token?service=gcr.io', {
  params: {
    service: 'us.gcr.io',
    scope: `registry:catalog:*`
  },
  auth: {
    username: '_token',
    password: token // token I got from `google-auto-auth`
  },  
})

使用令牌列出存储库

const client = axios.create({
  baseURL: `https://us.gcr.io/v2`,
  headers: {
    Authorization: `Bearer ${token}`
  }
})

client.get('/_catalog').then((response) => {
  console.log(response.data.repositories)
})

这篇关于如何使用 HTTP API 从 gcr.io Docker Registry 列出图像和标签?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！