镜像推送与拉取 #
镜像推送流程 #
推送流程图 #
text
┌─────────────────────────────────────────────────────┐
│ 镜像推送流程 │
├─────────────────────────────────────────────────────┤
│ │
│ 1. 标记镜像 │
│ docker tag myapp:v1.0 registry/myapp:v1.0 │
│ │ │
│ ↓ │
│ 2. 登录仓库 │
│ docker login registry │
│ │ │
│ ↓ │
│ 3. 推送镜像 │
│ docker push registry/myapp:v1.0 │
│ │ │
│ ↓ │
│ 4. 验证推送 │
│ curl registry/v2/myapp/tags/list │
│ │
└─────────────────────────────────────────────────────┘
镜像推送 #
基本推送 #
bash
# Source image that already exists in the local image store.
local_image=myapp:v1.0

# Docker Hub: the repository name is prefixed with the account namespace.
hub_ref=username/myapp:v1.0
docker tag "$local_image" "$hub_ref"
docker push "$hub_ref"

# Private registry: the reference starts with the registry host name.
private_ref=registry.example.com/myapp:v1.0
docker tag "$local_image" "$private_ref"
docker push "$private_ref"
推送所有标签 #
bash
# Push every local tag of the repository with a single command.
docker push --all-tags username/myapp
# Alternatively, push the tags one at a time.
for tag in v1.0 v1.0.0 latest; do
  docker push "username/myapp:${tag}"
done
推送多架构镜像 #
bash
# Build for amd64 and arm64 in one invocation and push the resulting
# multi-platform image directly to the registry.
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --tag username/myapp:v1.0 \
  --push \
  .
推送参数 #
bash
# Suppress progress output
docker push --quiet username/myapp:v1.0
# Skip image signing (Docker Content Trust) for this push. This flag has
# nothing to do with compression. Signing is already skipped unless
# DOCKER_CONTENT_TRUST=1 is set; when it is set, this flag pushes the image
# unsigned, so consumers that enforce content trust will reject it.
docker push --disable-content-trust username/myapp:v1.0
镜像拉取 #
基本拉取 #
bash
# Pull an image
docker pull nginx:alpine
# Pull the variant built for a specific platform
docker pull --platform linux/arm64 nginx:alpine
# Pull from a private registry
# NOTE(review): a tag can be re-pointed to different content by anyone with
# push access to the repository. Where the exact image matters, pull by digest
# instead: NAME@sha256:<digest> (placeholder).
docker pull registry.example.com/myapp:v1.0
拉取所有标签 #
bash
# Download every tag published in the repository (can be large).
docker pull -a nginx
# Download one explicitly named tag.
docker pull nginx:1.25.0-alpine
拉取参数 #
bash
# Quiet mode: suppress the verbose per-layer output.
docker pull -q nginx:alpine
# Discard standard output entirely; errors on stderr are still shown.
docker pull nginx:alpine >/dev/null
镜像标记 #
标记格式 #
bash
# Syntax (synopsis, not a runnable command)
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
# Examples: the target reference decides which registry and repository a
# later `docker push` will send the image to.
docker tag myapp:v1.0 username/myapp:v1.0
docker tag myapp:v1.0 username/myapp:latest
docker tag myapp:v1.0 registry.example.com/team/myapp:v1.0
多标签管理 #
bash
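# Attach several tags to the same local image.
docker tag myapp:v1.0.0 username/myapp:v1.0.0
docker tag myapp:v1.0.0 username/myapp:v1.0
docker tag myapp:v1.0.0 username/myapp:v1
docker tag myapp:v1.0.0 username/myapp:latest
# Push all of them. --all-tags is required: without it, current Docker CLI
# releases push only the :latest tag when no tag is given.
docker push --all-tags username/myapp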
仓库认证 #
登录仓库 #
bash
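# Log in to Docker Hub (prompts for username and password)
docker login
# Log in to a private registry
docker login registry.example.com
# Username and password as arguments: avoid this outside throwaway tests.
# The password is recorded in shell history and is visible in the process
# list while the command runs; Docker itself warns that -p is insecure.
docker login -u username -p password registry.example.com
# Recommended: supply the password on stdin. Take it from an environment
# variable or a secret file rather than a literal in the command, so it is
# not written into shell history or scripts.
printf '%s' "$REGISTRY_PASSWORD" | docker login -u username --password-stdin registry.example.com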
登出仓库 #
bash
# Log out of Docker Hub (removes the stored credentials for it)
docker logout
# Log out of a private registry; the host name selects which entry is removed
docker logout registry.example.com
凭证管理 #
bash
# Show the Docker client configuration file, where login state is recorded.
# NOTE(review): when no credential store or helper is configured,
# `docker login` writes the registry credentials into this file
# base64-encoded, not encrypted. Treat the output as a secret and do not
# paste it into tickets, chats or CI logs.
cat ~/.docker/config.json
# Use a credential store so secrets are kept in the OS keychain instead
# ~/.docker/config.json
# The three "credsStore" lines below are per-platform alternatives: a real
# file contains exactly one of them, and JSON does not allow the // notes.
{
"credsStore": "osxkeychain", // macOS
"credsStore": "secretservice", // Linux
"credsStore": "wincred" // Windows
}
镜像分发策略 #
版本标签策略 #
text
┌─────────────────────────────────────────────────────┐
│ 版本标签策略 │
├─────────────────────────────────────────────────────┤
│ │
│ 开发环境: │
│ - myapp:dev │
│ - myapp:feature-xxx │
│ │
│ 测试环境: │
│ - myapp:test │
│ - myapp:rc-1.0.0 │
│ │
│ 生产环境: │
│ - myapp:v1.0.0 │
│ - myapp:v1.0 │
│ - myapp:v1 │
│ - myapp:latest │
│ │
└─────────────────────────────────────────────────────┘
环境隔离 #
bash
# Each environment publishes to its own registry host, so credentials and
# access rights can be scoped per environment.

# Development
dev_ref=registry.dev.example.com/myapp:dev
docker tag myapp:dev "$dev_ref"
docker push "$dev_ref"

# Test
test_ref=registry.test.example.com/myapp:test
docker tag myapp:test "$test_ref"
docker push "$test_ref"

# Production
prod_ref=registry.prod.example.com/myapp:v1.0.0
docker tag myapp:v1.0.0 "$prod_ref"
docker push "$prod_ref"
自动化推送 #
CI/CD集成 #
yaml
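# GitLab CI example
stages:
  - build
  - push

build:
  stage: build
  script:
    # NOTE(review): the image built here is only visible to the push job if
    # both jobs talk to the same Docker daemon; confirm for your runner setup.
    - docker build -t myapp:$CI_COMMIT_SHA .

push:
  stage: push
  script:
    # Pass the password on stdin instead of -p so it does not appear in the
    # process list or in the echoed command line of the job log. Define
    # REGISTRY_PASSWORD as a masked (and ideally protected) CI/CD variable.
    - printf '%s' "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin registry.example.com
    - docker tag "myapp:$CI_COMMIT_SHA" "registry.example.com/myapp:$CI_COMMIT_SHA"
    - docker push "registry.example.com/myapp:$CI_COMMIT_SHA"
    # Only the main branch moves the mutable "latest" tag. "=" is the
    # portable string comparison for [ ]; "==" is not guaranteed in sh.
    - |
      if [ "$CI_COMMIT_BRANCH" = "main" ]; then
        docker tag "myapp:$CI_COMMIT_SHA" registry.example.com/myapp:latest
        docker push registry.example.com/myapp:latest
      fi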
GitHub Actions #
yaml
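# .github/workflows/docker.yml
name: Docker Build and Push

on:
  push:
    branches: [main]
    tags: ['v*']

# Least privilege for the workflow's GITHUB_TOKEN: the job only needs to read
# the repository. Registry access uses the separate secrets below.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): version tags such as @v3 are mutable refs. For a
      # hardened pipeline, pin each action to a full-length commit SHA that
      # you have reviewed, and keep the version in a trailing comment.
      - uses: actions/checkout@v3

      # Credentials come from repository/organization secrets and are never
      # written into the workflow file.
      - name: Login to Registry
        uses: docker/login-action@v2
        with:
          registry: registry.example.com
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Tagging with the commit SHA gives every build a unique reference that
      # can be traced back to the source revision.
      - name: Build and Push
        uses: docker/build-push-action@v4
        with:
          push: true
          tags: registry.example.com/myapp:${{ github.sha }}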
镜像传输优化 #
并行推送 #
bash
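# Copy the locally built image to the registry with skopeo.
# The docker:// transport always names a registry, so an unqualified
# docker://myapp:v1.0 would be looked up on Docker Hub rather than in the
# local image store, and whatever is published under that public name would be
# copied into the private registry. docker-daemon: reads from the local
# Docker daemon, which is presumably what is intended here.
skopeo copy docker-daemon:myapp:v1.0 docker://registry.example.com/myapp:v1.0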
层共享 #
dockerfile
# Share layers by deriving every stage from the same base image.
# NOTE(review): node:18-alpine is a mutable tag; pinning the base by digest
# (node:18-alpine@sha256:<digest>, placeholder) keeps rebuilds on known content.
FROM node:18-alpine AS base
# Build stage, derived from the shared base
FROM base AS builder
# ...
# Runtime stage, derived from the same base so its layers are reused
FROM base AS production
# ...
压缩传输 #
bash
# 镜像已经压缩传输
# Docker默认使用gzip压缩
故障排除 #
推送失败 #
bash
registry=registry.example.com

# Inspect the client configuration to see which registries have a login entry.
# The file may contain base64-encoded credentials, so do not share its output.
cat ~/.docker/config.json
# Drop the stored credentials and authenticate again.
docker logout "$registry"
docker login "$registry"
# Connectivity: request only the response headers of the registry API root.
curl --head "https://${registry}/v2/"
# Permissions:
# make sure the account is allowed to push to the repository.
拉取失败 #
bash
registry=registry.example.com

# Does the image exist? Ask the registry API for the manifest headers.
# A registry that requires authentication rejects this anonymous request
# even when the image is present.
curl --head "https://${registry}/v2/myapp/manifests/v1.0"
# Authentication: log in again.
docker login "$registry"
# Network reachability of the registry host.
ping "$registry"
# Free disk space for the downloaded layers.
df -h
速率限制 #
bash
# Docker Hub rate limits
# Anonymous: 100 requests / 6 hours
# Authenticated: 200 requests / 6 hours
# NOTE(review): figures as given by the page; Docker Hub has revised its
# limits over time, so confirm them against the current documentation.
# Mitigations
# 1. Log in to an account
docker login
# 2. Use an image cache
# 3. Use a private registry
小结 #
本节学习了Docker镜像的推送和拉取:
- 镜像推送流程和操作
- 镜像拉取操作
- 镜像标记管理
- 仓库认证配置
- 镜像分发策略
- 自动化推送配置
下一步 #
接下来,让我们学习 仓库安全配置,了解Docker仓库的安全配置方法。