如何使用gcloud或其他CLI在Google容器註冊表中列出發佈的容器圖像

Question

是否有gcloud API或其他命令行界面（CLI）訪問私有Google容器註冊表中已發佈容器圖像的列表？ （這是一個谷歌雲平臺項目中的容器註冊表）

gcloud container似乎並沒有幫助：

$ gcloud container 
Usage: gcloud container [optional flags] <group | command> 
    group may be   clusters | operations 
    command may be   get-server-config 

Deploy and manage clusters of machines for running containers. 

flags: 
    --zone ZONE, -z ZONE The compute zone (e.g. us-central1-a) for the cluster 

global flags: 
    Run `gcloud -h` for a description of flags available to all commands. 

command groups: 
    clusters    Deploy and teardown Google Container Engine clusters. 
    operations    Get and list operations for Google Container Engine 
         clusters. 

commands: 
    get-server-config  Get Container Engine server config. 

我也不想用gcloud docker列出圖片，因爲這要連接到一個特定的碼頭守護程序，我沒有。除非有辦法告訴gcloud docker連接到可以讀取通過我的項目推送到註冊表的私有容器的遠程公共docker守護進程。

Answer 1

我們剛剛發佈了一個新的命令列出圖像資源庫！

gcloud alpha container images list --repository=gcr.io/$MYREPOSITORY 

如果你想看到的圖像的特定標籤，你可以使用：您可以嘗試一下

gcloud alpha container images list-tags gcr.io/$MYREPOSITORY/$MYIMAGE 

Answer 2

如果你知道在承載圖像的項目（如google-containers），您可以用

gcloud docker search gcr.io/google_containers 

列出圖像對於單個圖像（例如，在google-containers項目pause圖像），您可以檢查版本與

curl https://gcr.io/v2/google-containers/pause/tags/list 

Answer 3

由羅伯特貝利給出的答案是有利於某些任務，但可能會錯過你特別想做的事情。儘管如此，您對答覆的評論並不是他的回答的錯誤，而是您自己對「失敗」的命令實際上意味着什麼的理解。

至於你的第二個評論，

Using docker I get the following error (for the reasons mentioned above; I also edited the question): Cannot connect to the Docker daemon. Is the docker daemon running on this host?

這是碼頭工人守護程序沒有運行的結果。檢查它是否通過ps aux | grep docker運行。您可以參考Docker documentation以確定如何正確安裝並運行它。

至於你的第一個評論，

Using curl I get: {"errors":[{"code":"DENIED","message":"Failed to read tags for repository '<my_project>/<my_image>'"}]} . I have to authenticate somehow to access the images in a private registry. I don't want to use docker because that means I have to have a docker daemon available. I only want to see if a container image with a particular version is in the Container Registry. So what I need is an API to the Container Registry in the Google Developer Console.

你不會是能夠curl圖像，除非它是公開的，在羅伯特的最新評論中提及，或者除非你以某種方式中提供了一些偉大的OAuth頭curl的調用。

您應該使用gcloud docker嘗試列出註冊表中的圖像，就像您對其他碼頭註冊表一樣。 gcloud container命令組對於您所需的任務而言是錯誤的。你可以看到下面的輸出從gcloud version 96.0.0（最新作此評論的）爲docker命令組：

$ gcloud docker 
Usage: docker [OPTIONS] COMMAND [arg...] 
     docker daemon [ --help | ... ] 
     docker [ --help | -v | --version ] 

A self-sufficient runtime for containers. 

Options: 

    --config=~/.docker     Location of client config files 
    -D, --debug=false     Enable debug mode 
    --disable-legacy-registry=false Do not contact legacy registries 
    -H, --host=[]      Daemon socket(s) to connect to 
    -h, --help=false     Print usage 
    -l, --log-level=info    Set the logging level 
    --tls=false      Use TLS; implied by --tlsverify 
    --tlscacert=~/.docker/ca.pem  Trust certs signed only by this CA 
    --tlscert=~/.docker/cert.pem  Path to TLS certificate file 
    --tlskey=~/.docker/key.pem   Path to TLS key file 
    --tlsverify=false     Use TLS and verify the remote 
    -v, --version=false    Print version information and quit 

Commands: 
    attach Attach to a running container 
    build  Build an image from a Dockerfile 
    commit Create a new image from a container's changes 
    cp  Copy files/folders between a container and the local filesystem 
    create Create a new container 
    diff  Inspect changes on a container's filesystem 
    events Get real time events from the server 
    exec  Run a command in a running container 
    export Export a container's filesystem as a tar archive 
    history Show the history of an image 
    images List images 
    import Import the contents from a tarball to create a filesystem image 
    info  Display system-wide information 
    inspect Return low-level information on a container or image 
    kill  Kill a running container 
    load  Load an image from a tar archive or STDIN 
    login  Register or log in to a Docker registry 
    logout Log out from a Docker registry 
    logs  Fetch the logs of a container 
    network Manage Docker networks 
    pause  Pause all processes within a container 
    port  List port mappings or a specific mapping for the CONTAINER 
    ps  List containers 
    pull  Pull an image or a repository from a registry 
    push  Push an image or a repository to a registry 
    rename Rename a container 
    restart Restart a container 
    rm  Remove one or more containers 
    rmi  Remove one or more images 
    run  Run a command in a new container 
    save  Save an image(s) to a tar archive 
    search Search the Docker Hub for images 
    start  Start one or more stopped containers 
    stats  Display a live stream of container(s) resource usage statistics 
    stop  Stop a running container 
    tag  Tag an image into a repository 
    top  Display the running processes of a container 
    unpause Unpause all processes within a container 
    version Show the Docker version information 
    volume Manage Docker volumes 
    wait  Block until a container stops, then print its exit code 

Run 'docker COMMAND --help' for more information on a command. 

您應該使用gcloud docker search gcr.io/project-id檢查哪些圖像是在庫中。 gcloud擁有您的憑證，所以只要您在項目中通過了身份驗證，就可以與私人註冊表通話。

---

最後，作爲一個額外的資源：雲平臺的文檔有關於與Google Container Registry工作整篇文章。

Answer 4

我的最佳解決方案到目前爲止，沒有可用的本地泊塢窗，並且無法連接到遠程泊塢窗（這仍然需要至少本地泊塢窗客戶端，而不是本地守護程序運行），是SSH到一個容器

gcloud compute ssh <container_cluster_instance> -C "sudo gcloud docker search ..." 

當然，要避免所有詳細輸出（如SSH /終端的歡迎消息）我用一些參數來沉默：運行docker，並已我的搜索方面所做的工作和取得的結果在我的原始腳本羣集實例執行一下：

gcloud compute ssh --ssh-flag="-q" "$INSTANCE_NAME" -o LogLevel=quiet -C "sudo gcloud docker search ..." 

Answer 5

我剛剛發現了一種更簡單的方法來檢查特定的圖像。一旦你驗證gcloud，用它來生成訪問令牌從您的私人註冊表讀取：

curl -u "oauth2accesstoken:$(gcloud auth print-access-token)" https://gcr.io/v2/<projectName>/<imageName>/tags/list