Pushing a Docker Image to a Self-Hosted Registry – 将Docker镜像推送到自我托管的注册中心

1. Overview

1.概述

This tutorial will demonstrate how to push a Docker image to a self-hosted Docker registry. First, we’ll explore what a self-hosted registry is and how it’s different from a public one. We’ll then learn how to tag images that we want to push to a self-hosted registry. Finally, we’ll see how to actually push those images.

本教程将演示如何将Docker镜像推送到一个自我托管的Docker注册中心。首先，我们将探讨什么是自我托管的注册表，以及它与公共注册表有什么不同。然后，我们将学习如何标记我们想要推送到自我托管的注册表的镜像。最后，我们将看到如何实际推送这些镜像。

2. Self-Hosted Docker Registries

2.自我托管的Docker注册处

A Docker registry is a service that manages container image repositories. It allows us to do things like create repositories, push and pull images, and manage repository access. While many registries are provided as cloud services, registries may also be self-hosted.

Docker注册中心是一个管理容器镜像库的服务。它允许我们做一些事情，如创建存储库，推拉图像，以及管理存储库的访问。虽然许多注册中心是作为云服务提供的，但注册中心也可以是自我托管的。

When a registry is provided via the cloud, we don’t have to care about its hosting and maintenance. We simply have to register with the service and then use the provided functionality. Cloud-hosted Docker registries are also called public registries. Docker Hub is a well-known example of a public registry.

当一个注册表通过云提供时，我们不必关心其托管和维护。我们只需向该服务注册，然后使用所提供的功能。云托管 Docker注册表也被称为公共注册表。Docker Hub是公共注册表的一个著名例子。

If a company has special requirements, however, public registries might not be an option. Companies that cannot use public registries often have self-hosted ones that they can customize to their requirements. For example, a company might have a privacy policy requiring repositories to only be accessible via the company’s internal network. Or a company might need to run specific vulnerability scans on its images.

然而，如果一家公司有特殊要求，公共注册处可能不是一个选择。不能使用公共注册表的公司通常有自我托管的注册表，他们可以根据自己的要求进行定制。例如，一家公司可能有一个隐私政策，要求存储库只能通过公司的内部网络访问。或者一家公司可能需要在其图像上运行特定的漏洞扫描。

3. Tagging Images for Self-Hosted Registries

3.为自己的登记处贴上图像标签

We must tag images in a particular way before we can push them to a self-hosted registry. Let’s learn how to tag images appropriately.

我们必须以特定的方式对图像进行标记，然后才能将其推送到自我托管的注册表。让我们来学习如何适当地标记图像。

3.1. The Image Name Pattern

3.1.图像名称模式

When pushing an image, the image name defines where the image will be pushed. This is why, in order to push an image to a self-hosted registry, it’s crucial that we use the correct naming pattern. The image name must contain the registry host, the port, and the repository name, and can optionally be followed with a version tag:

当推送一个图像时，图像名称定义了图像将被推送到哪里。这就是为什么，为了推送镜像到一个自我托管的注册中心，我们必须使用正确的命名模式。镜像名称必须包含注册表主机、端口和存储库名称，并且可以选择在后面加上一个版本标签。

[registry host]:[registry port]/[repository name]:[tag name]

Suppose we have a registry that is running on localhost and listening on port 5000. Here’s an example name for version 1.0.0 of an image that we want to push to the my-fancy-app repository in that registry:

假设我们有一个在localhost上运行、监听端口为5000的注册表。下面是一个版本1.0.0的镜像名称示例，我们想把它推送到该注册表的my-fancy-app存储库。

localhost:5000/my-fancy-app:1.0.0

We’ll use this example throughout the rest of this article.

我们将在本文的其余部分使用这个例子。

Now that we know what naming pattern to apply, we can prepare an image for our self-hosted registry. First, we’ll see how to build a new image with the correct name. Then we’ll learn how to prepare an existing image by renaming it.

现在我们知道要应用什么命名模式，我们可以为我们的自我托管注册表准备一个镜像。首先，我们将看到如何用正确的名字建立一个新的镜像。然后我们将学习如何通过重命名来准备一个现有的镜像。

3.2. Tagging a New Image

3.2.给新图像打标签

If we’re building a new image and already have an application and Dockerfile prepared, we can use the -t flag of the docker build command so the image will be created with the appropriate name. Using the example from the previous section, the command would be:

如果我们要构建一个新的镜像，并且已经准备了一个应用程序和Docker文件，我们可以使用-t命令的t标志，这样镜像就会以适当的名称被创建。使用上一节的例子，该命令将是。

$ docker build -t localhost:5000/my-fancy-app:1.0.0 .

This tags the new image with the correct name followed by the optional version tag. The dot “.” at the end of the line indicates that we’re executing the command in the same directory as our Dockerfile.

这就给新镜像打上了正确的名字，后面是可选的版本标签。行末的点”. “表示我们在与Docker文件相同的目录中执行该命令。

3.3. Re-Tagging an Existing Image

3.3.重新标记现有的图像

If we want to push an existing image to our self-hosted registry, we first need to tag the image with a new alias that matches the naming pattern that we described above. We can re-tag an image with the docker tag command:

如果我们想把一个现有的图像推送到我们的自我托管注册表，我们首先需要用一个新的别名来标记这个图像，这个别名要符合我们上面描述的命名模式。我们可以用docker tag命令重新标记一个图像。

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

For example, suppose we want to push an existing image called my-fancy-app:1.0.0 to our self-hosted registry. We would simply use the docker tag command to tag it with a new alias that matches that registry:

例如，假设我们想把一个名为my-fancy-app:1.0.0的现有镜像推送到我们的自我托管的注册表。我们将简单地使用docker tag命令，用一个新的别名来标记它，以匹配该注册表。

$ docker tag my-fancy-app:1.0.0 localhost:5000/my-fancy-app:1.0.0

4. Pushing the Image

4.推送图像

Once we’ve properly tagged an image, we can push it to our self-hosted registry.

一旦我们正确地标记了一个图像，我们就可以把它推送到我们的自我托管的注册表。

Companies often require authentication to protect their self-hosted registries. When that’s the case, we first need to log in with the docker login command:

公司通常需要认证以保护其自我托管的注册表。在这种情况下，我们首先需要用docker login命令来登录。

docker login [OPTIONS] [SERVER]

For our self-hosted registry that’s hosted on localhost:5000, the command is:

对于我们托管在localhost:5000上的自我托管的注册表，命令是。

$ docker login localhost:5000

After logging in, we use the docker push command to push an image to our self-hosted registry:

登录后，我们使用docker push命令，将一个镜像推送到我们的自我托管的注册表。

docker push [OPTIONS] NAME[:TAG]

Let’s see the command to push the image we prepared in the sections above:

让我们看看推送我们在上面的章节中准备的图像的命令。

$ docker push localhost:5000/my-fancy-app:1.0.0

5. Verifying the Push

5.核实推送

The last step is to verify that the image is now available in our self-hosted registry. To do that, we’ll pull the image from that registry, but we must first delete our cached local image by running the docker image rm command:

最后一步是验证图像现在在我们的自我托管的注册表中是否可用。要做到这一点，我们将从该注册表中提取图像，但我们必须首先通过运行docker image rm 命令来删除我们缓存的本地图像。

$ docker image rm localhost:5000/my-fancy-app:1.0.0

Let’s verify we removed the image by listing all of our local images and checking that our image isn’t there:

让我们通过列出我们所有的本地图片并检查我们的图片是否不在那里来验证我们是否删除了该图片。

$ docker images

Next, let’s pull the image from our self-hosted registry using the docker pull command:

接下来，让我们使用docker pull 命令从我们的自我托管的注册表中提取图像。

$ docker pull localhost:5000/my-fancy-app:1.0.0

By listing all local images again, we can verify that our image was successfully pulled from our self-hosted registry:

通过再次列出所有本地图像，我们可以验证我们的图像已经成功地从我们的自我托管的注册表中拉出。

$ docker images
REPOSITORY                  TAG   IMAGE ID     CREATED        SIZE 
localhost:5000/my-fancy-app 1.0.0 d33a5b65c0f5 20 minutes ago 326MB

6. Conclusion

6.结语

In this article, we’ve learned what self-hosted Docker registries are and why we might use them. We’ve also explored how to prepare an image – whether it’s a pre-existing image or a new one we’re building – so that we can push it to a self-hosted registry. Finally, we learned how to push the properly-tagged image to our example registry.

在这篇文章中，我们已经了解了什么是自我托管的Docker注册中心，以及为什么我们会使用它们。我们还探讨了如何准备一个镜像–无论是预先存在的镜像还是我们正在构建的新镜像–以便我们可以将其推送到自托管注册表。最后，我们学习了如何将正确标记的镜像推送到我们的示例注册表。