Created
September 1, 2017 18:57
-
-
Save dutchiechris/d5a1df5592ba294e491cfbd950ecae3c to your computer and use it in GitHub Desktop.
docker-registry-with-s3-notes.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This doc explains how the registry API works: | |
https://github.com/docker/distribution/blob/master/docs/spec/api.md | |
Here’s an example using curl. | |
Check details of an image that was pushed to the registry: | |
[root@3-kvm1 ~]# curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/manifests/latest | |
* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0) | |
* Trying 10.64.28.160... | |
* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0) | |
> GET /v2/busybox/manifests/latest HTTP/1.1 | |
> User-Agent: curl/7.29.0 | |
> Host: 3-docker10.nltestlab.hq.netapp.com:5000 | |
> Accept: */* | |
> | |
< HTTP/1.1 200 OK | |
< Content-Length: 2781 | |
< Content-Type: application/vnd.docker.distribution.manifest.v1+prettyjws | |
< Docker-Content-Digest: sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355 | |
< Docker-Distribution-Api-Version: registry/2.0 | |
< Etag: "sha256:5053364a26da320cbdad81253f3ce2aa5ec4ee121c1ebf6919d3e7d023a69355" | |
< X-Content-Type-Options: nosniff | |
< Date: Fri, 01 Sep 2017 14:12:50 GMT | |
< | |
{ | |
"schemaVersion": 1, | |
"name": "busybox", | |
"tag": "latest", | |
"architecture": "amd64", | |
"fsLayers": [ | |
{ | |
"blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4" | |
}, | |
{ | |
"blobSum": "sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e" | |
} | |
], | |
"history": [ | |
{ | |
"v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"sh\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"container\":\"f06386f489abf85537c32f826603214955d8731ccc5b45103d5548688abfa417\",\"container_config\":{\"Hostname\":\"dfb178f19369\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) \",\"CMD [\\\"sh\\\"]\"],\"ArgsEscaped\":true,\"Image\":\"sha256:0348edacacf159ab6f19138182733dea8a418e06f526a2233d317c1f94549b4a\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":{}},\"created\":\"2017-08-23T22:31:12.496245278Z\",\"docker_version\":\"17.03.2-ce\",\"id\":\"5af35a2126de25b5d499e108331dafd9cf1aa6d3c1a377949a5cd49e94179dac\",\"os\":\"linux\",\"parent\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"throwaway\":true}" | |
}, | |
{ | |
"v1Compatibility": "{\"id\":\"00e34fc12d885133ebb172d49a70fb5f6df2f3207a58a3b761e70692ec3727d6\",\"created\":\"2017-08-23T22:31:12.211403101Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) ADD file:645231abe6e10e7282a6e78b49723a3ba35b62741fc08228b4086ffb95128f98 in / \"]}}" | |
} | |
], | |
"signatures": [ | |
{ | |
"header": { | |
"jwk": { | |
"crv": "P-256", | |
"kid": "OCND:ZMNS:GAUL:AQCP:LN7X:DPGR:E4SP:J5UO:FGRQ:SWJY:MU5Y:YF3Y", | |
"kty": "EC", | |
"x": "_HHmEWra584LNXQEm0GVCNhM92XHM400nkS_QtNFMLI", | |
"y": "UTA85Yfpguyojt2BzLJmeyeXrvCk-lEh8OyBr-Oe4WM" | |
}, | |
"alg": "ES256" | |
}, | |
"signature": "pijTJDP_FJ1KZhR8ORAuD2ZL8iHT_20zSKagS-B4TqE4jzI8mrBsUb-vbZDT9p57WoZ1Q0OFgQ4m4y6Ns-EvOA", | |
"protected": "eyJmb3JtYXRMZW5ndGgiOjIxMzQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNy0wOS0wMVQxNDoxMjo1MFoifQ" | |
} | |
] | |
} | |
Grab a layer and observe you get a redirect to the S3 target with presigned url valid for 20 minutes: | |
root@3-kvm1 ~]#curl -v -X GET 3-docker10.nltestlab.hq.netapp.com:5000/v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 | |
* About to connect() to 3-docker10.nltestlab.hq.netapp.com port 5000 (#0) | |
* Trying 10.64.28.160... | |
* Connected to 3-docker10.nltestlab.hq.netapp.com (10.64.28.160) port 5000 (#0) | |
> GET /v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1 | |
> User-Agent: curl/7.29.0 | |
> Host: 3-docker10.nltestlab.hq.netapp.com:5000 | |
> Accept: */* | |
> | |
< HTTP/1.1 307 Temporary Redirect | |
< Content-Type: application/octet-stream | |
< Docker-Distribution-Api-Version: registry/2.0 | |
< Location: https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&X-Amz-Date=20170901T141306Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451 | |
< X-Content-Type-Options: nosniff | |
< Date: Fri, 01 Sep 2017 14:13:06 GMT | |
< Content-Length: 469 | |
< | |
<a href="https://webscaledemo.netapp.com:8082/registry/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=R90MMKKISS8OUZDB7OOE%2F20170901%2Flocal%2Fs3%2Faws4_request&X-Amz-Date=20170901T141306Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=93f48af48c6a24a5893dc7b948f79b1ce4eb82b3b210342b4d1e99e463709451">Temporary Redirect</a>. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment