问题
I'm trying to create a docker-compose.yml file for a specific team of developers at work. I've pushed our private images up to a private registry (Azure Container Registry) and that's ok/working :)
Next I'm trying to test out how to get the dev's of this particular team to run the docker-compose file which will pull down all the images and then start them all.
I've figured out that the developers will need to do this:
-> docker login -u <admin username of my registry> <domain of the registry>
-> docker-compose pull
This pulls down my private images (from ACR the private registry), but not any images in docker hub (the public registry).
- Q1: Is it possible to mix and match?
- Q2: Is there another way to make a 'user' which is only READONLY. I've read some stuff about
service accountsor something but it's really confusing and I have no idea if how to do that/if that's the right way.
Here's a snippet my sample docker-compose file, which contains both public and private images. Do note how I'm trying to fully qualify the image domains...
version: '3.5'
services:
ravendb.data:
image: hub.docker.com/ravendb/ravendb
expose:
- "8080"
networks:
- backend
container_name: ravendb.data
labels:
- "traefik.enable=false"
accounts.api:
image: <snip>.azurecr.io/<snip>/<snip>
networks:
<rest all snipped>
回答1:
Q1 - Two issues, somewhat related -
Your Docker Hub registry FQDN is wrong in the RavenDB
imagedirective -hub.docker.comis the human readable website, the public Docker registry resides atregistry.hub.docker.comorindex.docker.io(appendv1to those uri's to get the API).You don't need the full public registry FQDN to pull from the public registry - its the default, and docker commands will by default pull from there if they don't detect a FQDN in the image tag preceding the image name.
Q2 - I'm not sure how Azure Container Registry works, but I'd be astonished if you can't create a readonly user. The normal registry is a REST based API server, and can be controlled either by setting its permissions internally or by putting a reverse proxy in-front of it with the POST/PUT/DELETE and PATCH verbs requiring a different authed user to the GET verb.
来源:https://stackoverflow.com/questions/53578811/how-to-create-a-docker-compose-yml-file-with-both-public-and-private-images