如何使用公共和私有映像创建docker-compose.yml文件?
[英]How to create a docker-compose.yml file with both public and private images?
问题描述
I'm trying to create a docker-compose.yml file for a specific team of developers at work. 
我正在尝试为工作中的特定开发人员团队创建docker-compose.yml文件。 I've pushed our private images up to a private registry (Azure Container Registry) and that's ok/working :) 我已经将我们的私有映像推送到私有注册表(Azure容器注册表)中,这是可以的/:
Next I'm trying to test out how to get the dev's of this particular team to run the docker-compose file which will pull down all the images and then start them all. 接下来,我试图测试如何让该特定团队的开发人员运行docker-compose文件,该文件将拉下所有图像,然后将其全部启动。
I've figured out that the developers will need to do this: 我发现开发人员将需要执行以下操作:
-> docker login -u <admin username of my registry> <domain of the registry>
-> docker-compose pull
This pulls down my private images (from ACR the private registry), but not any images in docker hub (the public registry). 这将拉下我的私有映像(从ACR私有注册表),但不会拉下docker hub(公共注册表)中的任何映像。
- Q1: Is it possible to mix and match? Q1:可以混合搭配吗?
- Q2: Is there another way to make a 'user' which is only READONLY. 问题2:还有另一种方法可以使“用户”仅处于只读状态。 I've read some stuff about
service accountsor something but it's really confusing and I have no idea if how to do that/if that's the right way.我已经阅读了一些有关service accounts,但确实令人困惑,我不知道该如何做/是否正确。
Here's a snippet my sample docker-compose file, which contains both public and private images. 这是我的示例docker-compose文件的片段,其中包含公共图像和私有图像。 Do note how I'm trying to fully qualify the image domains... 请注意我如何尝试完全限定图像域...
version: '3.5'
services:
ravendb.data:
image: hub.docker.com/ravendb/ravendb
expose:
- "8080"
networks:
- backend
container_name: ravendb.data
labels:
- "traefik.enable=false"
accounts.api:
image: <snip>.azurecr.io/<snip>/<snip>
networks:
<rest all snipped>
1 个解决方案
解决方案1
1 已采纳 2018-12-03 06:54:13
Q1 - Two issues, somewhat related - Q1-两个问题,有些相关-
Your Docker Hub registry FQDN is wrong in the RavenDB
imagedirective -hub.docker.comis the human readable website, the public Docker registry resides atregistry.hub.docker.comorindex.docker.io(appendv1to those uri's to get the API).您的码头工人枢纽注册表FQDN是错误的RavenDB image的指令-hub.docker.com是人类可读的网站,公众多克尔注册表驻留在registry.hub.docker.com或index.docker.io(追加v1这些URI对获取API)。You don't need the full public registry FQDN to pull from the public registry - its the default, and docker commands will by default pull from there if they don't detect a FQDN in the image tag preceding the image name.
您不需要完整的公共注册表FQDN即可从公共注册表中拉取-这是默认设置,并且docker命令默认情况下会从那里拉出,如果它们在映像名称之前的image标记中未检测到FQDN的话。
Q2 - I'm not sure how Azure Container Registry works, but I'd be astonished if you can't create a readonly user. 问题2-我不确定Azure容器注册表的工作方式,但是如果您无法创建只读用户,我会感到惊讶。 The normal registry is a REST based API server, and can be controlled either by setting its permissions internally or by putting a reverse proxy in-front of it with the POST/PUT/DELETE and PATCH verbs requiring a different authed user to the GET verb. 普通注册表是基于REST的API服务器,可以通过内部设置其权限或通过在反向代理中放置POST / PUT / DELETE和PATCH谓词来控制它,而POST / PUT / DELETE和PATCH谓词需要与GET谓词不同的经过身份验证的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.