如何使用公共和私有映像创建docker

如何使用公共和私有映像创建docker

关注
发信
关注(28)粉丝(399)

如何使用公共和私有映像创建docker-compose.yml文件?

本文介绍了如何使用公共和私有映像创建docker-compose.yml文件?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试为工作中的特定开发人员团队创建 docker-compose.yml 文件。我已经将我们的私有映像推送到私有注册表(Azure容器注册表),并且可以正常工作:)

I'm trying to create a docker-compose.yml file for a specific team of developers at work. I've pushed our private images up to a private registry (Azure Container Registry) and that's ok/working :)

下一步,我尝试测试如何获取该特定团队的开发人员将运行 docker-compose 文件,该文件将下拉所有图像,然后将其全部启动。

Next I'm trying to test out how to get the dev's of this particular team to run the docker-compose file which will pull down all the images and then start them all.

我发现开发人员将需要执行以下操作:

I've figured out that the developers will need to do this:

-> docker login -u <admin username of my registry> <domain of the registry>
-> docker-compose pull

这会拉出我的私有映像(从私有注册表ACR),但没有

This pulls down my private images (from ACR the private registry), but not any images in docker hub (the public registry).


  • Q1:是否可以混合搭配?

  • Q2:还有另一种方法可以使用户成为只读用户。我已经读过一些有关服务帐户的信息,但是确实使人感到困惑,我不知道该怎么做/是否正确

  • Q1: Is it possible to mix and match?
  • Q2: Is there another way to make a 'user' which is only READONLY. I've read some stuff about service accounts or something but it's really confusing and I have no idea if how to do that/if that's the right way.

这是我的示例 docker-compose 文件的摘要公共和私人图像。请注意我如何尝试完全限定映像域...

Here's a snippet my sample docker-compose file, which contains both public and private images. Do note how I'm trying to fully qualify the image domains...

version: '3.5'

services:

ravendb.data:
  image: hub.docker.com/ravendb/ravendb
  expose:
    - "8080"
  networks:
    - backend
  container_name: ravendb.data
  labels:
    - "traefik.enable=false"

accounts.api:
  image: <snip>.azurecr.io/<snip>/<snip>
  networks:
<rest all snipped>


推荐答案

Q1-两个问题,有些相关-

Q1 - Two issues, somewhat related -


  1. RavenDB image 指令中的Docker Hub注册表FQDN错误- hub.docker.com 是人类可读的网站,公共Docker注册表位于 registry.hub.docker.com index.docker.io (将 v1 附加到那些uri以获得API)。

  1. Your Docker Hub registry FQDN is wrong in the RavenDB image directive - hub.docker.com is the human readable website, the public Docker registry resides at registry.hub.docker.com or index.docker.io (append v1 to those uri's to get the API).

您不需要完整的公共注册表FQDN即可从公共注册表中拉取-这是默认设置,如果docker命令在未检测到FQDN的情况下会默认从那里拉取图像名称之前的图像标签。

You don't need the full public registry FQDN to pull from the public registry - its the default, and docker commands will by default pull from there if they don't detect a FQDN in the image tag preceding the image name.

第二季度-我不确定Azure Container Registry的工作方式,但是我如果您无法创建只读用户,将感到惊讶。普通注册表是基于REST的API服务器,可以通过内部设置其权限或通过在反向代理中放置POST / PUT / DELETE和PATCH谓词来控制它,而POST / PUT / DELETE和PATCH谓词需要与GET谓词不同的经过身份验证的用户

Q2 - I'm not sure how Azure Container Registry works, but I'd be astonished if you can't create a readonly user. The normal registry is a REST based API server, and can be controlled either by setting its permissions internally or by putting a reverse proxy in-front of it with the POST/PUT/DELETE and PATCH verbs requiring a different authed user to the GET verb.

这篇关于如何使用公共和私有映像创建docker-compose.yml文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-12 18:11
Powered by LMLPHP ©2024 如何使用公共和私有映像创建docker 0.068905