• # docker registry v2 API 的理解与一些验证

    docker registry v2 API 的理解与一些验证

    文章目录

    API官方文档:https://docs.docker.com/registry/spec/api/

    API官方文档翻译:https://docs.docker.com.zh.xy2401.com/registry/spec/api/

    1 API methods and URIs :

    MethodPathEntityDescription
    GET/v2/BaseCheck that the endpoint implements Docker Registry API V2.
    GET/v2//tags/listTagsFetch the tags under the repository identified by name.某仓库下的tag列表
    GET/v2//manifests/ManifestFetch the manifest identified by name and reference where reference 可以是镜像 tag 或 digest(要用header里的digest). A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.获取某仓库某tag信息清单,带上请求header,可以获得指定信息
    PUT/v2//manifests/ManifestPut the manifest identified by name and reference where reference can be a tag or digest.
    DELETE/v2//manifests/ManifestDelete the manifest identified by name and reference. Note that a manifest can only be deleted by digest.(要用header里的镜像digest)
    GET/v2//blobs/BlobRetrieve the blob from the registry identified by digest. A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.
    DELETE/v2//blobs/BlobDelete the blob identified by name and digest要用config–>digest
    POST/v2//blobs/uploads/Initiate Blob UploadInitiate a resumable blob upload. If successful, an upload location will be provided to complete the upload. Optionally, if the digest parameter is present, the request body will be used to complete the upload in a single request.
    GET/v2//blobs/uploads/Blob UploadRetrieve status of upload identified by uuid. The primary purpose of this endpoint is to resolve the current status of a resumable upload.
    PATCH/v2//blobs/uploads/Blob UploadUpload a chunk of data for the specified upload.
    PUT/v2//blobs/uploads/Blob UploadComplete the upload specified by uuid, optionally appending the body as the final chunk.
    DELETE/v2//blobs/uploads/Blob UploadCancel outstanding upload processes, releasing associated resources. If this is not called, the unfinished uploads will eventually timeout.
    GET/v2/_catalogCatalogRetrieve a sorted, json list of repositories available in the registry.仓库列表

    说明:

    • 目录manifests:是镜像目录或索引。

    • 目录blobs:是镜像实体。

    2 HEAD

    英文:https://docs.docker.com/registry/spec/manifest-v2-2/

    翻译:https://docs.docker.com.zh.xy2401.com/registry/spec/manifest-v2-2/

    • application/vnd.docker.distribution.manifest.v1+json :schema1(现有清单格式)
    • application/vnd.docker.distribution.manifest.v2+json :新的图像清单格式(schemaVersion = 2)
    • application/vnd.docker.distribution.manifest.list.v2+json :清单列表,又称“胖清单”
    • application/vnd.docker.container.image.v1+json :容器配置JSON
    • application/vnd.docker.image.rootfs.diff.tar.gzip :“图层”,作为压缩的tar
    • application/vnd.docker.image.rootfs.foreign.diff.tar.gzip :“图层”,作为永远不应被推送的压缩后的tar
    • application/vnd.docker.plugin.v1+json :插件配置JSON

    实践总结:

    • application/vnd.docker.distribution.manifest.v2+json :新的图像清单格式(schemaVersion = 2)
    • 只有他是schemaVersion=2,其他全是1,也只有带这个header输出结果不一样,带其他header或不带header结果都一样

    3 不同header及无header时的区别验证

    3.1 结果一

    # 新的图像清单格式(schemaVersion = 2)
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.distribution.manifest.v2+json'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
60

# 内容输出
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.distribution.manifest.v2+json'  https://docker-repo:5000/v2/ufipf/gc-apply-service/manifests/2023.04.18.084456
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 5162,
      "digest": "sha256:2b8e71e7c99caef05cd72d948e161fa56ce5425ce7427af5a49913f08874e9dd"   #--是blob digest,前12位是镜像ID,curl -v可输出镜像digest
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 28567101,
         "digest": "sha256:7b1a6ab2e44dbac178598dabe7cff59bd67233dba0b27e4fbd1f9d4b3c877a54"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 88117163,
         "digest": "sha256:53c7dc4a9ac0223c923d31eed20d2d62837363b73434429ea8d627763d3fe263"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 49649255,
         "digest": "sha256:2bedc44fe3bdae9c9c8c550124d4804bba3be27107310b146933355364c8c735"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 177,
         "digest": "sha256:c91d35002add2410e53530a49e805fe15dd82b5c3dd46442f0e3cd45c201305b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 107225654,
         "digest": "sha256:3756da984ea66407ac1a5bbb0fabeec09680bd0832c210e1505fc344ce235b3d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4370,
         "digest": "sha256:1adb283c50915c2f712e5c8a71979ca1cb84ee8218cf580af18457edb825b2a0"
      }
   ]
}

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • 29
    • 30
    • 31
    • 32
    • 33
    • 34
    • 35
    • 36
    • 37
    • 38
    • 39
    • 40
    • 41
    • 42
    • 43
    • 44
    • 45
    • 46
    • 47

    3.2 结果二

    以下所有结果全是一样的,不论是不加header,还是加如下header(等于是header加了个寂寞),内容太长,用wc处理了下

    # 无header
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}   https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# schema1(现有清单格式)
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.distribution.manifest.v1+json'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# 清单列表,又称“胖清单”
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# 容器配置JSON
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.container.image.v1+json'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# “图层”,作为压缩的tar
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.image.rootfs.diff.tar.gzip'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# “图层”,作为永远不应被推送的压缩后的tar
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.image.rootfs.foreign.diff.tar.gzip'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

# 插件配置JSON
curl -s -v -X GET    -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD}  -H 'Accept: application/vnd.docker.plugin.v1+json'  https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332  | wc -l
139

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27

    结论:用【结果二】方式感觉没啥用,用【结果一】方式就够了

    4 常用url与目录

    # 常用url
https://仓库站点/v2/_catalog
https://仓库站点/v2/【仓库(中间可以包含多个/)】/tags/list
https://仓库站点/v2/【仓库(中间可以包含多个/)】/manifests/【tag|header-->digest】   #-- 删除时,必须用【header-->digest】
https://仓库站点/v2/【仓库(中间可以包含多个/)】/blobs/【config-->digest】

# 几个关键目录
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll  /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/
总用量 0
drwxr-xr-x. 3 root root 20 919 2018 _layers
drwxr-xr-x. 4 root root 35 919 2018 _manifests
drwxr-xr-x. 2 root root  6 55 15:51 _uploads
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# 
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll  /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/_manifests/
总用量 0
drwxr-xr-x. 3 root root  20 919 2018 revisions
drwxr-xr-x. 7 root root 120 55 16:04 tags
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll  /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/_layers/
总用量 12
drwxr-xr-x. 23 root root 8192 55 15:51 sha256
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll  /srv/docker/docker_registry/data/docker/registry/v2/blobs/
总用量 12
drwxr-xr-x. 258 root root 8192 915 2018 sha256



    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25

    5 最后

    OK,看完这篇文章,你可能还想看看这篇文章【我实践:用docker registry API 获取清单并删除某仓库某tag镜像:https://blog.csdn.net/zhf_sy/article/details/126558517】

    img

    爱你!

  • 相关阅读:
    patient feature-based softmax embedding
    基于智能优化算法实现自动泊车的路径动态规划(Matlab代码实现)
    2023Jenkins连接k8s
    PMP每日一练 | 考试不迷路-9.21(包含敏捷+多选)
    网工内推 | IT工程师,IA认证即可,五险一金,全勤奖,最高10k
    【网络是怎么连接的】第二章(上): 建立连接,传输数据,断开连接
    220v插座led指示灯维修
    Vue3学习(二十一)- 文档管理页面布局修改
    在Oracle 11g 数据库上设置透明数据加密(TDE)
    stm32 - 初识2
  • 原文地址:https://blog.csdn.net/zhf_sy/article/details/126558336