Docker Image history without using docker history command - docker

I have a docker image. I want to analyze the docker image history, for this I can use docker image history command in the docker installed environment.
But when am working in a Openshift cluster, I may not have the access to the docker command here. So here I want get the docker history command result for the given image.
So basically I have a docker image and I don't have docker installed there. In this case how can we get the history of that docker image?
Can anyone please help me on this?

You can get the registry info either via curl or skopeo inspect. But the rest of the metadata is stored inside the image itself so you do have to download at least the final layer.

Related

What is the difference between docker pull and docker image pull commands?

As of now, I am learning Docker. This reference has mentioned two ways of pulling an image from the Docker registry. Can anyone explain this in simple terms?
Does this mean that we cannot get updates on a pulled image if we use docker image pull command?
They are the same command. From the documentation you linked:
To download a particular image, or set of images (i.e., a repository), use docker image pull (or the docker pull shorthand).
There are many "shortand commands" like:
docker push for docker image push
docker run for docker container run
...
What is the difference between docker pull and docker image pull commands?
None.
Can anyone explain this in simple terms?
They are the same.
Does this mean that we cannot get updates on a pulled image if we use docker image pull command?
No.
Also https://forums.docker.com/t/docker-pull-imagename-vs-docker-image-pull-imagename/59283

Can Docker CLI, Podman and other similar tools have shared local storage for images?

I recently started using podman and realized that images pulled via docker doesn't become available for use to podman and vice-versa. For example:-
If I pull the image using docker CLI, as shown below
docker pull registry.access.redhat.com/ubi7-minimal
and If I want to use the same image with podman or buildah, turns out I cannot
[riprasad#localhost ~]$ podman inspect registry.access.redhat.com/ubi7-minimal
Error: error getting image "registry.access.redhat.com/ubi7-minimal": unable to find 'registry.access.redhat.com/ubi7-minimal' in local storage: no such image
I understand that this is because both podman and docker uses a different storage location and hence the image pulled down via docker doesn't becomes available for use with podman and vice-versa.
[riprasad#localhost ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi7-minimal latest fc8736ea8c5b 5 weeks ago 81.5MB
[riprasad#localhost ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
Is there a way to mitigate this issue, and somehow make docker and podman work inter-changeably on the very same image, irrespective of whether it has been pulled down via docker or podman ??
Docker and Podman do not sure the same storage. They can not, because Docker controls locking to its storage within the daemon. While Podman, Buildah, CRI-O, Skopeo all can share content, because they use the file system.
Podman and the other tools can work with the docker-daemon storage indirectly, via the "docker-daemon" transport.
Something like:
podman run docker-daemon:alpine echo hello
Should work.
Note, that podman is pulling the image out of the docker daemon and is storing the image in containers/storage, and then running the container, it is not using the Docker storage directly.
You can also do
podman push myimage docker-daemon:myimage
To copy an image from containers/storage into the docker daemon.
Adding to #rhatdan's post
podman run docker://alpine echo hello
This worked for me.
For more details: Here->

find base image or ''source in docker hub'' for an image in local

The project I am working have its docker images built from
FROM java:8-jre
Now I am writing a new service and though I can also make java:8-jre base image for my service. But I wanted to find out from where it was taken at the first place. As on docker hub I see only openjdk or oracle one is available.
Also if I do like below it is downloaded from docker hub (I guess, As I tried on my local as well), But cant see it on dockerHub(why?)
docker pull java:8-jre
Is there any way, I can search this image at docker hub or find its source with something like below -
docker image inspect java:8-jre
This image belongs to the official java repository, which is deprecated in favor of openjdk repository.
Accessing this repo will redirect you to the openjdk page.
But you can have a glimpse of java repo page here.
You can still find the Dockerfile for your image here.
Information which you need will be available in Dockerfile for that particular image.
I didn't find any image with name java:8-jre in docker hub.
Closest which I found was
https://hub.docker.com/r/fiadliel/java8-jre/
To see steps of Dockerfile for that Image build try this
docker image history --no-trunc image_name > image_history

Some questions on Docker basics?

I'm new to docker.Most of the tutorials on docker cover the same thing.I'm afraid I'm just ending up with piles of questions,and no answers really. I've come here after my fair share of Googling, kindly help me out with these basic questions.
When we install a docker,where it gets installed? Is it in our computer in local or does it happen in cloud?
Where does containers get pulled into?I there a way I can see what is inside the container?(I'm using Ubuntu 18.04)
When we pull an image.Docker image or clone a repository from
Git.where does this data get is stored?
Looks like you are confused after reading to many documents. Let me try to put this in simple words. Hope this will help.
When we install a docker,where it gets installed? Is it in our
computer in local or does it happen in cloud?
We install the docker on VM be it you on-prem VM or cloud. You can install the docker on your laptop as well.
Where does containers get pulled into?I there a way I can see what is
inside the container?(I'm using Ubuntu 18.04)
This question can be treated as lack of terminology awareness. We don't pull the container. We pull the image and run the container using that.
Quick terminology summary
Container-> Containers allow you to easily package an application's code, configurations, and dependencies into a template called an image.
Dockerfile-> Here you mention your commands or infrastructure blueprint.
Image -> Image gets derived from Dockerfile. You use image to create and run the container.
Yes, you can log inside the container. Use below command
docker exec -it <container-id> /bin/bash
When we pull an image.Docker image or clone a repository from
Git.where does this data get is stored?
You can pull the opensource image from Docker-hub
When you clone the git project which is docerized, you can look for Dockerfile in that project and create the your own image by build it.
docker build -t <youimagenae:tag> .
When you build or pull the image it get store in to your local.
user docker images command
Refer the below cheat-sheet for more commands to play with docker.
The docker daemon gets installed on your local machine and everything you do with the docker cli gets executed on your local machine and containers.
(not sure about the 1st part of your question). You can easily access your docker containers by docker exec -it <container name> /bin/bash for that you will need to have the container running. Check running containers with docker ps
(again I do not entirely understand your question) The images that you pull get stored on your local machine as well. You can see all the images present on your machine with docker images
Let me know if it was helpful and if you need any futher information.

How can I find the images being pulled from the SHA1s?

When we run a docker container if the relevant image is not in the local repo it is being downloaded but in a specific sequence i.e parent images etc.
If I don’t know anything about the image how could I find from which images is being based on based on the layers pulled as displayed in a docker run?
The output only shows the SHA1s on any docker run etc
AFAIK, you can't, there is no reverse function for a hash.
Docker just tries to get the image from local, when its not available tries to fetch it from the registry. The default registry is DockerHub.
When you don't specify any tag when running the container ie: docker run ubuntu instead of docker run ubuntu:16.04 the default latest is used. You'll have to visit the registry and search which version the latest tag is pointing to.
Usually in DockerHub there is a link pointing the GitHub repo where you can find the Dockerfile, in the Dockerfile you can find how its built, including the root image.
You also can get some extra info with docker image inspect image:tag, but you'll find more hashes in the layers.
Take a look to dockerfile-from-image
"Similar to how the docker history command works, the dockerfile-from-image script is able to re-create the Dockerfile (approximately) that was used to generate an image using the metadata that Docker stores alongside each image layer."
With this, maybe you can get the source of the image.

Resources