docker manifest使用

Rookie_explorers

已于 2024-08-22 14:34:04 修改

阅读量1.5k

点赞数 29

CC 4.0 BY-SA版权

分类专栏：容器文章标签： docker

于 2024-08-22 13:34:51 首次发布

本文链接：https://blog.csdn.net/qq_41303761/article/details/141422474

容器专栏收录该内容

6 篇文章

订阅专栏

文章目录

背景
docker manifest 使用

背景

在docker项目开发过程中，通常会涉及多架构容器镜像问题。正常情况下可以通过docker参数--platform=linux/xxx指定拉取镜像的架构。在之前的文章中提到，本地搭建docker hub 并使用docker push 命令将镜像推送到hub中。后续实验中发现在使用--platform参数拉取本地hub镜像时未实现架构区分的功能，通过查询资料发现需要通过manifest进行多架构镜像管理。
下面介绍一下当时采用的一种方式，希望看到文章的各位多提建议。

docker manifest 使用

manifest简介

docker manifest 命令使用子命令来管理镜像和多架构镜像（manifest lists）。
docker manifest 命令本身不执行任何操作。为了对 manifest 或 manifest list 进行操作，必须使用其中一个子命令。该命令还可以为用户查看普通镜像提供额外的信息，比如构建映像的操作系统和架构。
具体子命令信息可在命令行通过docker manifest --help查看。

前提

1、本地环境中docker需要登录到远程仓库。具体登录命令参照docker login
2、需要将多架构的镜像区分不同的tag上传到远程hub中，具体tag方式参照docker tag，上传方式见docker push。

create

介绍

docker manifest create 创建一个多架构镜像（manifest lists），并 push 到镜像仓库。

要创建多架构镜像，首先要在本地创建 manifest lists，指定您希望包含在清单列表中的组成映像。请注意，这是推送到镜像仓库的，所以如果您想推送到镜像仓库不是官方默认 hub.docker.com，您需要指定您的多架构镜像的镜像仓库地址或IP和端口。这类似于标记镜像并将其推送到外部镜像仓库。

使用介绍

$ docker manifest create --help

Usage:  docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]

Create a local manifest list for annotating and pushing to a registry

EXPERIMENTAL:
  docker manifest create is an experimental feature.
  Experimental features provide early access to product functionality. These
  features may change between releases without warning, or can be removed from a
  future release. Learn more about experimental features in our documentation:
  https://docs.docker.com/go/experimental/

Options:
  -a, --amend      Amend an existing manifest list
      --insecure   Allow communication with an insecure registry

命令示例

$ docker manifest create register-mirror-ip:port/library/rockylinux:8.6.20227707 register-mirror-ip:port/library/rockylinux:8.6.20227707-amd register-mirror-ip:port/library/rockylinux:8.6.20227707-arm --insecure
Created manifest list register-mirror-ip:port/library/rockylinux:8.6.20227707

--insecure 参数：允许使用不安全的（非合法证书的 https）镜像仓库

问题记录

1、创建过程中出现manifest unknown

$ docker manifest create rockylinux:8.6.20227707 register-mirror-ip:port/library/rockylinux:8.6.20227707-arm register-mirror-ip:port/library/rockylinux:8.6.20227707-amd
Error: error setting up to read manifest and configuration from "register-mirror-ip:port/library/rockylinux:8.6.20227707": reading manifest rockylinux:8.6.20227707-arm in register-mirror-ip:port/library/rockylinux:8.6.20227707: manifest unknown: manifest unknown

问题产生原因可能是因为远程仓库中不存在对应tag的镜像，通过上传之后可以正常进行创建。
2、创建过程中出现no such manifest: xxxxx

$ docker manifest create rockylinux:8.6.20227707 register-mirror-ip:port/library/rockylinux:8.6.20227707-arm register-mirror-ip:port/library/rockylinux:8.6.20227707-amd
no such manifest: register-mirror-ip:port/library/rockylinux:8.6.20227707-arm

问题原因可能是远程hub地址采用的是http协议，而本地docker使用的是https，通过添加--insecure参数可以解决此问题。

inspect

介绍

查看普通镜像或多架构镜像的详细信息。

使用介绍

# docker manifest inspect  --help

Usage:  docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST

Display an image manifest, or manifest list

EXPERIMENTAL:
  docker manifest inspect is an experimental feature.
  Experimental features provide early access to product functionality. These
  features may change between releases without warning, or can be removed from a
  future release. Learn more about experimental features in our documentation:
  https://docs.docker.com/go/experimental/

Options:
      --insecure   Allow communication with an insecure registry
  -v, --verbose    Output additional info including layers and platform

命令示例

$ docker manifest inspect rockylinux:8.6.20227707
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 529,
         "digest": "sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 530,
         "digest": "sha256:73f11afcbb50d8bc70eab9f0850b3fa30e61a419bc48cf426e63527d14a8373b",
         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }
      }
   ]
}

push

介绍

推送一个多架构镜像（manifest lists）到镜像仓库。

使用介绍

$ docker manifest push --help

Usage:  docker manifest push [OPTIONS] MANIFEST_LIST

Push a manifest list to a repository

EXPERIMENTAL:
  docker manifest push is an experimental feature.
  Experimental features provide early access to product functionality. These
  features may change between releases without warning, or can be removed from a
  future release. Learn more about experimental features in our documentation:
  https://docs.docker.com/go/experimental/

Options:
      --insecure   Allow push to an insecure registry
  -p, --purge      Remove the local manifest list after push

命令示例

$ docker manifest push rockylinux:8.6.20227707 --insecure
sha256:de5d160af1aaa1caf83f60098ac1b73a168e096575688446eb39739ab7b0a3d6