[英]How to create a docker-compose.yml file with both public and private images?
I'm trying to create a docker-compose.yml
file for a specific team of developers at work. 我正在尝试为工作中的特定开发人员团队创建docker-compose.yml
文件。 I've pushed our private images up to a private registry (Azure Container Registry) and that's ok/working :) 我已经将我们的私有映像推送到私有注册表(Azure容器注册表)中,这是可以的/:
Next I'm trying to test out how to get the dev's of this particular team to run the docker-compose
file which will pull down all the images and then start them all. 接下来,我试图测试如何让该特定团队的开发人员运行docker-compose
文件,该文件将拉下所有图像,然后将其全部启动。
I've figured out that the developers will need to do this: 我发现开发人员将需要执行以下操作:
-> docker login -u <admin username of my registry> <domain of the registry>
-> docker-compose pull
This pulls down my private images (from ACR the private registry), but not any images in docker hub (the public registry). 这将拉下我的私有映像(从ACR私有注册表),但不会拉下docker hub(公共注册表)中的任何映像。
service accounts
or something but it's really confusing and I have no idea if how to do that/if that's the right way. 我已经阅读了一些有关service accounts
,但确实令人困惑,我不知道该如何做/是否正确。 Here's a snippet my sample docker-compose
file, which contains both public and private images. 这是我的示例docker-compose
文件的片段,其中包含公共图像和私有图像。 Do note how I'm trying to fully qualify the image domains... 请注意我如何尝试完全限定图像域...
version: '3.5'
services:
ravendb.data:
image: hub.docker.com/ravendb/ravendb
expose:
- "8080"
networks:
- backend
container_name: ravendb.data
labels:
- "traefik.enable=false"
accounts.api:
image: <snip>.azurecr.io/<snip>/<snip>
networks:
<rest all snipped>
Q1 - Two issues, somewhat related - Q1-两个问题,有些相关-
Your Docker Hub registry FQDN is wrong in the RavenDB image
directive - hub.docker.com
is the human readable website, the public Docker registry resides at registry.hub.docker.com
or index.docker.io
(append v1
to those uri's to get the API). 您的码头工人枢纽注册表FQDN是错误的RavenDB image
的指令- hub.docker.com
是人类可读的网站,公众多克尔注册表驻留在registry.hub.docker.com
或index.docker.io
(追加v1
这些URI对获取API)。
You don't need the full public registry FQDN to pull from the public registry - its the default, and docker commands will by default pull from there if they don't detect a FQDN in the image tag preceding the image name. 您不需要完整的公共注册表FQDN即可从公共注册表中拉取-这是默认设置,并且docker命令默认情况下会从那里拉出,如果它们在映像名称之前的image标记中未检测到FQDN的话。
Q2 - I'm not sure how Azure Container Registry works, but I'd be astonished if you can't create a readonly user. 问题2-我不确定Azure容器注册表的工作方式,但是如果您无法创建只读用户,我会感到惊讶。 The normal registry is a REST based API server, and can be controlled either by setting its permissions internally or by putting a reverse proxy in-front of it with the POST/PUT/DELETE and PATCH verbs requiring a different authed user to the GET verb. 普通注册表是基于REST的API服务器,可以通过内部设置其权限或通过在反向代理中放置POST / PUT / DELETE和PATCH谓词来控制它,而POST / PUT / DELETE和PATCH谓词需要与GET谓词不同的经过身份验证的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.