最近工作中遇到个事情,我在本地虚拟机导出的镜像,导入到服务器发现镜像的digests是<none>,网上找了半天发现没有相关的解决方案,服务器上的源码是通过镜像的hash值拉取镜像没有Tag,镜像digests为<none>很痛苦要改源码,经过这半天的摸索发现了一个解决方案,特此记录,便于日后查阅。
一,什么是Digest
根据官网给出的定义是:
使用V2以及V2以上格式的镜像将会有一个叫做digest的内容可寻址标识符。
根据定义来看,这个digest其实就是就是根据镜像内容产生的一个ID,官网上说,只要用于产生这个image的输入不变,那么digest就是可以预测的,换句话说只要镜像的内容不变digest也不会变。而这个digest主要是用在仓库内的。
那么,我们上面 pull httpd这个镜像,其实是可以两种方式pull的,比如,
简单的pull,docker pull httpd 这个时候使用的是阿里云的镜像仓库
$ docker pull httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32而这个时候,我们希望是从另一个私有的自己搭建的仓库拉取镜像,不希望这个镜像有一点点的改变,比如自己搭建的harbor私有仓库。当然,私有仓库内的该镜像也必须带有这个digest才可以正确拉取到哦。
带校验码拉取镜像可以保证我们拉取的镜像一定是一个正确的可以校验的镜像,保证内容是正确的。这个就是digest的功能。
二、如何修改Digest
假设已经有一个镜像拉取到本地了,但我们发现它没有digest或者digest不是我们想要的,怎么办呢?
查看docker的存储路径,也就是查看启动脚本定义的路径
[root@slave1 ~]# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/dockerd --graph=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target进入镜像数据层目录,可以看到一个文件,repositories.json
[root@slave1 overlay2]# pwd
/var/lib/docker/image/overlay2
[root@slave1 overlay2]# ll
total 4
drwx------ 4 root root 58 Jun 13 00:10 distribution
drwx------ 4 root root 37 Jun 12 19:54 imagedb
drwx------ 5 root root 45 Jun 13 00:10 layerdb
-rw------- 1 root root 3278 Jun 28 12:09 repositories.json[root@slave1 overlay2]# cat repositories.json
{"Repositories":{"httpd":{"httpd:latest":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34"},"jettech/kube-webhook-certgen":{"jettech/kube-webhook-certgen:v1.5.1":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8","jettech/kube-webhook-certgen@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8"},"quay.io/coreos/flannel":{"quay.io/coreos/flannel:v0.13.0":"sha256:e708f4bb69e310904d564a1e67c3833d6a0428d3cf8dd9b9abba25c7aa0f3dfe"},"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns":{"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0":"sha256:bfe3a36ebd2528b454be6aebece806db5b40407b833e2af9617bf39afaff8c16"},"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd":{"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0":"sha256:0369cf4303ffdb467dc219990960a9baa8512a54b0ad9283eaf55bd6c0adb934"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.19.3":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7","registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy@sha256:1f99b26aad3a90358ad83b4065cf59002b5a913e839b70744caff4a84315a2e7":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.19.3":"sha256:aaefbfa906bd854407acc3495e8a3b773bb3770e4a36d836f7fd3255c299ab25"},"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller":{"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a":"sha256:435df390f3673c475f60eac1ed1c12fd1aea2e8a083927325aa6d5c969c5c8d2"},"registry.cn-hangzhou.aliyuncs.com/google_containers/pause":{"registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c","registry.cn-hangzhou.aliyuncs.com/google_containers/pause@sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c"},"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner":{"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner:v3.1.0-k8s1.11":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9","registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner@sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9"},"registry.hand-china.com/tools/redis":{"registry.hand-china.com/tools/redis:6.2.6-debian-10-r120":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1","registry.hand-china.com/tools/redis@sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1"}}}[root@slave1 overlay2]给jettech/kube-webhook-certgen这个镜像增加digests为例,打开 repositories.json 这个文件,将httpd的digest dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34 替换到两个jettech/kube-webhook-certgen后面的值,然后重启docker服务
[root@slave1 overlay2]# cat repositories.json
{"Repositories":{"httpd":{"httpd:latest":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34"},"jettech/kube-webhook-certgen":{"jettech/kube-webhook-certgen:v1.5.1":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","jettech/kube-webhook-certgen@sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8"},"quay.io/coreos/flannel":{"quay.io/coreos/flannel:v0.13.0":"sha256:e708f4bb69e310904d564a1e67c3833d6a0428d3cf8dd9b9abba25c7aa0f3dfe"},"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns":{"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0":"sha256:bfe3a36ebd2528b454be6aebece806db5b40407b833e2af9617bf39afaff8c16"},"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd":{"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0":"sha256:0369cf4303ffdb467dc219990960a9baa8512a54b0ad9283eaf55bd6c0adb934"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.19.3":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7","registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy@sha256:1f99b26aad3a90358ad83b4065cf59002b5a913e839b70744caff4a84315a2e7":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.19.3":"sha256:aaefbfa906bd854407acc3495e8a3b773bb3770e4a36d836f7fd3255c299ab25"},"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller":{"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a":"sha256:435df390f3673c475f60eac1ed1c12fd1aea2e8a083927325aa6d5c969c5c8d2"},"registry.cn-hangzhou.aliyuncs.com/google_containers/pause":{"registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c","registry.cn-hangzhou.aliyuncs.com/google_containers/pause@sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c"},"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner":{"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner:v3.1.0-k8s1.11":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9","registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner@sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9"},"registry.hand-china.com/tools/redis":{"registry.hand-china.com/tools/redis:6.2.6-debian-10-r120":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1","registry.hand-china.com/tools/redis@sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1"}}}此时查看镜像会发现有两个jettech/kube-webhook-certgen
[root@slave1 overlay2]# docker images --digests
\REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
registry.hand-china.com/tools/redis 6.2.6-debian-10-r120 sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f 74f63995c626 4 months ago 95.2MB
jettech/kube-webhook-certgen v1.5.1 <none> dabbfbe0c57b 6 months ago 144MB
httpd latest sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32 dabbfbe0c57b 6 months ago 144MB
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller <none> sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a 435df390f367 16 months ago 279MB
registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner v3.1.0-k8s1.11 sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d e47e31bbe424 18 months ago 49.8MB
jettech/kube-webhook-certgen <none> sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34 a013daf其中一个就是带digest,一个不带的哦,至此,digest修改的任务就算完成了。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
