问题
I'm bashing my head against the wall to try and figure out how to programmatically get a list of images in an Azure Container Registry.
Everything seems to fall down to looking in Docker.DotNet's own local instantiation of an image list, and push/pulling to an ACR via that local repository - but nothing is showing me how to get a list of images (and their tags) from the ACR itself. In digging through their rest API for azure, it looks like only a slim set of "management" options are available (getting a list of ACRs, getting the properties of an ACR, but nothing shows me it dives deeper than that).
I can get a list of image names, and then their image name tags via the Azure CLI -- but I'm looking to get an enumerable list of images in a C# app (inside a web-api, matter of fact).
Essentially - what I want to do is have a list of running images remotely, in docker -- and compare those to what's up in the ACR, to give a "hey, there's a newer version of this image available".
Has anyone done this? To any effect?
Is it simple like this (for Docker):
var _credentials = new BasicAuthCredentials("MY_REG_USERNAME", "MY_REG_PASSWORD");
var _config = new DockerClientConfiguration(new Uri("MY_REGISTRY_NAME.azurecr.io"), _credentials);
DockerClient _client = _config.CreateClient();
var myList = await _client.Images.ListImagesAsync(
new Docker.DotNet.Models.ImagesListParameters() { All = true }
);
or impossible?
I've messed around with IoT hubs and getting device twin lists and the like, with the DeviceClient -- is there nothing like this for the ACR?
回答1:
I was facing the same puzzle for a while and the answer is:
For image operations (including the tag list you were asking about) Microsoft supports the docker registry API v2.
https://docs.docker.com/registry/spec/api
What does it mean? An Example:
Azure REST API is for Azure resource operations only. There you can use Bearer Token authentication and for example make a GET request like this:
https://management.azure.com/subscriptions/SubscriptionGUID/resourceGroups/ContainerRegistry/providers/Microsoft.ContainerRegistry/registries/YourRegistryName?api-version=2017-10-01
But as you already know this will not give you access to operations on the content of the ACR.
Instead you need to call a different end-point, namely the Registry end-point, and very importantly, you need to use basic authentication with username and password:
https://yourregistryname-on.azurecr.io/v2/imagename/tags/list
What username and password is it? Well, there are 2 types possible:
- The admin user you can enable on the ACR in the Azure portal
- You can configure users in the ACR under Access Control with different types of access (more secure). As the username you can use the underlying GUID, visible in the query string in the URL when selecting it in Azure portal. Password/key can be configured there as well.
来源:https://stackoverflow.com/questions/49351966/azure-container-registry-list-images-tags-programmatically