Docker build tag repository name - docker

One can easily build docker images through docker build command.
What I'm wondering is the t flag that you can give when building the image. For example:
$ docker build -t ouruser/sinatra:v2 .
According to documentation, the t flag is for tagging and naming purposes. Name is the part before ':', and tag is the part after it. So in our example, the name is ouruser/sinatra, and the tag is v2.
I thought this would be the image name and tag. But apparently, the name is actually some repository name? Why do I think it is? Well, because if you would after this list the images with command:
docker images
You would get a listing like this:
REPOSITORY TAG IMAGE ID CREATED SIZE
ouruser/sinatra latest 5db5f8471261 11 hours ago 446.7 M
Bang! Major shock! You thought you were creating an image with name, and instead, you specified some repository! Related to this, I have some questions:
Where is this repository located?
Can I name the image without creating a repository?
Where and how is this repository used, or could be used?
Where can I find more information about this repository? I only found this, and it doesn't tell much to be honest: docker build docs
Why is it common to use names that consist of two parts like this: somename/someothername?
Thank you for your help!

I believe the confusion here is the word "repository." In Docker, a repository is any group of builds of an image with the same name, and potentially multiple tags. A "registry" server, like hub.docker.com or your own private registry, holds multiple repositories, e.g. the redis repository on the public registry. That one repository has multiple tags for different versions of the build.
So with that background, to answer your questions:
ouruser/sinatra is located on your local Docker host until you do a docker push
No, the repository and the tag is the name of the image.
While local on your system, you can use this image locally. Once you push it up to a registry, you can then pull it down to any other Docker host that has access to that registry. And if you do a docker save you can save that image for a docker load on another host.
I'm sure there is documentation covering this somewhere on docs.docker.com, but I learned from a class.
The username/imagebase format came about to support pushing to your own namespace in hub.docker.com. Without that, whoever makes the first "Redis" image calls it "redis" while the next person makes their own repository called "redis-improved", and we quickly get into a jumble of confusing names where it's not clear who made what and what is a reputable image. That naming isn't required for images you make locally, but is still encouraged since images you pull from hub.docker.com may lack a username if they are maintained by Docker themselves. Without your username, you won't know which images you pulled down and which you built yourself.

Related

what is the best practicies of storing images in container registry

I need different images for dev,stage, and prod environments, how should I store images in dokckerhub?
should I use tags
my_app:prod
my_app:dev
my_app:stage
or maybe include env name in image like this
my_app_stage
my_app_stage
my_app_stage
Tags are primarily meant for versioning, as the default tag latest implies. If you use it for other meaning without versioning info, like tagging environment as my_app:dev and my_app:prod, there's no strict rule to prohibit that, but it could cause problem for deployment of the containers.
Imagine you have a container defined in docker-compose.yml that specifies my_app:prod as image. It's fine when you're developing locally, but when you deploy to production with Docker Compose or an orchestration service like Kubernetes, depending on policy, the controller can choose to reuse images from its local cache instead of pulling from registry every time. Now you just completed a new version of the image, and pushed it to Docker Hub feeling assured. Too bad it's still under the same name and tag, so the controller considers it's the same and uses the cached image, causing your old version to be deployed.
It could be worse than that. Not all nodes or clusters are configured the same, some will pull the latest version from the registry while some don't. Your swarm or deployment now contains a mixed set of old and new container versions, producing erratic behavior at best.
Now you know better and push your new version as my_app/prod:v2.0 and update the config. All controllers see the new version and pull down to use for replacing and scaling containers. Everything is consistent.
A simple version number as tag may sound a bit too simple, as practically you could have many properties that you find useful to add to an image, to help with documentation or query maybe. Or you need a specific name and tag so you can push to a certain cloud provider. Luckily you don't have to sacrifice versioning to do that, as Docker allows you to apply as many tags as you like:
docker build -t my_app:latest -t my_app:v2.0 -t my_app:prod -t cloud_user/app_image_id:v2.0 .

Pulling Docker Images - Manifest not found

I'm trying to download a tagged docker image
docker pull clkao/postgres-plv8:10-2
and, in a compose file,
postgres:
image: clkao/postgres-plv8:10-2
But receive a manifest not found exception.
Unless I'm mistaken, that tag exists in Docker Hub, however I notice that it doesn't appear on the tags list.
Am I doing something wrong? Or is this perhaps an issue with Docker Hub or the way that repo has been set up?
If it isn't 'my fault', what's a recommendation to move forward? Create my own Dockerfile perhaps?
You might also try
docker pull -a <image>.
The -a will pull all versions of that image, which at least lets you know what is there.
(This is less useful if you really need a specific version, but helped me when I tried to pull an image that for some reason did not have a 'latest' tag.)
Edit: This is actually a really bad idea, since it will pull down the entire history, which for many repositories could be many GB. Better to go look at the repository site and see what tag you want. Note to self: don't post answers when you are tired. :-(
You get the error message because there exist no tag with "10-2".
You can try to figure out why and contact the repository owner or you can try to build your own one.
I just got over this "manifest for / not found: manifest unknown: The named manifest is not known to the registry."
Using
docker login <repo>
Check the docker's image also not only that the tag exists, I was trying to run Flyway version 5.0.1 for an image flyway/flyway which version did not exist, it existed only in version flyway/flyway:latest it seems, whereas 5.0.1 existed and I pulled it but in/from a different repository name, with repository name boxfuse/flyway.
for the error message 'docker manifest unknown'
When you use docker pull, without a tag, it will default to the tag :latest. Make sure that when we are building a image add tag latest or we can access the image by the tag name after image name with colon
I think you are trying to tag your image as v8.10.2. Make sure while tagging image locally you use same tag which you want to pull in future. So steps will be like below:
docker build -t clkao/postgres-pl:v8.10.2 .
docker push clkao/postgres-pl:v8.10.2
docker pull clkao/postgres-pl:v8.10.2
If this is from Git via docker.pkg.github.com then you need to switch to use ghcr.io. The former is deprecated and does not support the manifest endpoint so some docker clients, when they attempt to download various resources, fail with this error message. If you instead publish your image to ghcr (Github Container Repository), the docker image pulling process should complete successfully.
cd <dir with Dockerfile in it>
docker build -f Dockerfile -t ghcr.io/<org_id>/<project_id>:<version> .
docker push ghcr.io/<org_id>/<project_id>:<version>
More info here: https://docs.github.com/en/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry
Note: The Container registry is currently in public beta and subject
to change. During the beta, storage and bandwidth are free. To use the
Container registry, you must enable the feature preview. For more
information, see "Introduction to GitHub Packages" and "Enabling
improved container support with the Container registry."

Tag not found in repository docker.io/minio

We have been using locked version of the Minio image (RELEASE.2016-10-07T01-16-39Z), but now it seems to have been removed.
I'm getting this from Docker:
Pulling minio (minio/minio:RELEASE.2016-10-07T01-16-39Z)...
Pulling repository docker.io/minio/minio
ERROR: Tag RELEASE.2016-10-07T01-16-39Z not found in repository docker.io/minio/minio
I'm finding Docker hub hard to navigate. Where can I find a list of available versioned images, or a mirror to my exact image?
You can find the available tags for minio/minio on that repository's tag page.
If you have the image you want already downloaded on any of your systems, you can push it to Docker Hub yourself, then pull it onto your other systems. This has the benefit that you can control whether you delete that image (it's your account, not someone else's).
You can also use a private registry, if you want, which would prevent Docker from deleting the image from Docker Hub against your will for some reason. But that is extra work you may not wish to do (you would have to host the registry yourself, set it up, maintain it...)
We removed the docker version due to incompatibilities, from the recent releases it won't happen.

How to prevent docker images on docker hub from being overwritten?

Is there any way to prevent images being uploaded to docker hub with the same tags as existing images? Our use case is as follows.
We deploy to production with a docker-compose file with the tags of images as version numbers. In order to support roll-back to previous environments and idempotent deployment it is necessary that a certain tagged docker image always refer to the same image.
However, docker hub allows images to be uploaded with the same tags as existing images (they override the old image). This completely breaks the idea of versioning your images.
We currently have work-arounds which involve our build scripts pulling all versions of an image and looking through the tags to check that an overwrite will not happen etc. but it feels like there has to be a better way.
If docker hub does not support this, is there a way to do docker deployment without docker hub?
The tag system has no way of preventing images been overwritten; you have to come up with your own processes to handle this (and h3nrik's answer is an example of this).
However, you could use the digest instead. In the new v2 of the registry, all images are given a checksum, known as a digest. If an image or any of its base layers change, the digest will change. So if you pull by digest, you can be absolutely certain that the contents of that image haven't changed over time and that the image hasn't been tampered with.
Pulling by digest looks like:
docker pull debian#sha256:f43366bc755696485050ce14e1429c481b6f0ca04505c4a3093dfdb4fafb899e
You should get the digest when you do a docker push.
Now, I agree that pulling by digest is a bit unwieldy, so you may want to set up a system that simply tracks digest and tag and can verify that the image hasn't changed.
In the future, this situation is likely to improve, with tools like Notary for signing images. Also, you may want to look at using labels to store metadata such as git hash or build number.
Assuming you have a local build system to build your Docker images: you could include the build number from your local build job in your tag. With that you assure your requirement:
... it is necessary that a certain tagged docker image always refer to the same image.
When your local build automatically pushes to docker hub it is assured that each push pushes an image with a unique tag.

What is the differenece between Docker Registry and Docker Index?

I am new to docker and just going through the online links to understand how it works. However I am not getting much clarity on Docker Registry and Docker Index. I get that part that your docker image will be there on registry and client uses pull command to daemon which in turn get the image from registry. But I also read that you can get and image from Index as well then what is the difference between these two?
Thank you.
I think Where are Docker images stored? gives a good explanation:
An index manages user accounts, permissions, search, tagging, and all that nice stuff that's in the public web interface.
A registry stores and serves up the actual image assets, and it delegates authentication to the index.
When you run docker search, it's searching the index, not the registry. In fact, it might be searching multiple registries that the index is aware of.
When you run docker push or docker pull, the index determines if you are allowed to access or modify the image, but the registry is the piece that stores it or sends it down the wire to you after the index approves the operation. Also, the index figures out which registry that particular image lives in and forwards the request appropriately.
Beyond that, when you're working locally and running commands like docker images, you're interacting with something that is neither an index or a registry, but a little of both.
There is a slight difference, mostly because there were 2 API's developed, which were originally developed to be served by separate services.
https://github.com/docker/docker-registry implements the registry API, while the Docker Hub implements both.
I know of one open source implementation of the Index, which can be added to a docker-registry -
There is no difference. Both usually refers to Docker official image repository. You can also find it referred as Docker repository and Docker Hub. All of them usually refers to the same.
You also can find or set up an alternate repository and host there images, but then you would refer that repository as your repository or a particular name (e.g.: totum repository).
I'm not sure about Docker Registry. But a docker registry is a service that stores images, allowing you to pull and push them. distribution/registry is probably the most popular implementation. Docker Index is the former name of Docker Hub. There's also an index server, which is seemingly what's left from the registry v1 api if you extract the registry v2 api from it. Namely, searching for images. And apparently Docker Hub has both a docker registry and an index server.
More on it here.

Resources