[英]Export Docker image from GCR (Google Container Registry)
I'm using GCR (Google Container Registry) as my Docker image registry in service of GKE (Google Kubernetes Engine) deployments. 我正在使用GCR(Google容器注册表)作为我的Docker镜像注册表,用于GKE(Google Kubernetes Engine)部署。 My penetration testing team has requested I make the Docker images from GCR available for them for testing.
我的渗透测试团队要求我从GCR获取Docker镜像供他们测试。
I can create the Docker images locally but that is not quite what they are after. 我可以在本地创建Docker镜像,但这并不是他们所追求的。
How can I go about downloading a Docker image from GCR to my PC? 如何从GCR下载Docker镜像到我的电脑?
And then following on from that, how can I go about copying the Docker image and handing it over to the penetration testing team. 然后继续,我怎样才能复制Docker镜像并将其交给渗透测试团队。
Quoting from the documentation: 引用文档:
You can access Container Registry through secure HTTPS endpoints, which allow you to push, pull, and manage images from any system, VM instance, or your own hardware.
您可以通过安全的HTTPS端点访问Container Registry,从而可以从任何系统,VM实例或您自己的硬件推送,提取和管理映像。 Additionally, you can use the Docker credential helper command-line tool to configure Docker to authenticate directly with Container Registry.
此外,您可以使用Docker凭证帮助程序命令行工具将Docker配置为直接使用Container Registry进行身份验证。
As you can check here the way to proceed to to grant to one or more user the permission inside a project to access the container register: 您可以在此处查看继续向一个或多个用户授予项目内访问容器寄存器的权限的方法:
Pull (Read Only)
roles/storage.objectViewer Storage Object Viewer :
- storage.objects.get
- storage.objects.list
Once you have done this you can install the classical google Cloud SDK and you logged in, you should be able to authenticate docker and pull the image running: 完成此操作后,您可以安装经典的Google Cloud SDK,并且在登录后,您应该能够对docker进行身份验证并拉动图像运行:
$ gcloud auth configure-docker
$ docker pull [HOSTNAME]/[PROJECT-ID]/[IMAGE][:TAG]
Notice that you can also decide to create an image public and pull it running only the classical: 请注意,您还可以决定创建一个公共图像并将其拉为仅运行经典图像:
$ docker pull [HOSTNAME]/[PROJECT-ID]/[IMAGE][:TAG]
Step to Step guide showing how to do it. 步骤指南显示如何执行此操作。
Since it seems that you are interested to save it on your local disk in a nice format and hand it over to an other team, these are the possible steps to do so: 由于您似乎有兴趣以一种不错的格式将其保存在本地磁盘上并将其交给另一个团队,因此这些是可能的步骤:
$ gcloud auth configure-docker
$ docker pull [HOSTNAME]/[PROJECT-ID]/[IMAGE][:TAG]
$ docker save IMAGENAME:TAG -o FILENAME.tar
Notice that as far as I now you can save images merely if they are present running docker images
请注意,就我现在而言,只有当它们存在运行
docker images
才能保存docker images
Further documentation: Difference between save and export in Docker 进一步的文档: Docker中保存和导出的区别
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.