Pull and push images¶
Just as with Docker Hub, interactions with MSR consist in the following:
docker login <msr-url> authenticates the user on MSR
docker pull <image>:<tag> pulls an image from MSR
docker push <image>:<tag> pushes an image to MSR
Pull an image¶
Note
It is only necessary to authenticate using docker login before pulling a private image.
If you need to pull a private image, log in to MSR:
docker login <registry-host-name>
Pull the required image:
docker pull <registry-host-name>/<namespace>/<repository>:<tag>
Push an image¶
Before you can push an image to MSR, you must create a repository and tag your image.
Create a repository for the required image.
Tag the image using the host name, namespace, repository name, and tag:
docker tag <image-name> <registry-host-name>/<namespace>/<repository>:<tag>
Log in to MSR:
docker login <registry-host-name>
Push the image to MSR:
docker push <registry-host-name>/<namespace>/<repository>:<tag>
Verify that the image successfully pushed:
Log in to the MSR web UI.
In the left-side navigation panel, click Repositories.
Select the relevant repository.
Navigate to the Tags tab.
Verify that the required tag is listed on the page.
Windows image limitations¶
The base layers of the Microsoft Windows base images have redistribution restrictions. When you push a Windows image to MSR, Docker only pushes the image manifest and the layers that are above the Windows base layers. As a result:
When a user pulls a Windows image from MSR, the Windows base layers are automatically fetched from Microsoft.
Because MSR does not have access to the image base layers, it cannot scan those image layers for vulnerabilities. The Windows base layers are, however, scanned by Docker Hub.
On air-gapped or similarly limited systems, you can configure Docker to push
Windows base layers to MSR by adding the following line to
C:\ProgramData\docker\config\daemon.json
:
"allow-nondistributable-artifacts": ["<msr-host-name>:<msr-port>"]
Caution
For production environments, Mirantis does not recommend configuring Docker to push Windows base layers to MSR.