Amazon Elastic Container Registry
(Amazon ECR
) 是一种安全的亚马逊云科技托管容器映像注册表服务, 可扩展且可靠。Amazon ECR
支持具有基于资源的权限的私有存储库。这样,指定的用户或 Amazon EC2
实例就可以访问你的容器存储库和映像。你可以使用首选的 CLI
进行推送、拉取和管理 Docker
映像、Open Container Initiative (OCI)
映像和 OCI
兼容工件。
第一步、创建存储库
打开亚马逊官网,然后注册一个账号,注册是免费的,另外,弹性容器注册表可以免费使用12
个月,还是很香的~
注册完成之后,打开Elastic Container Registry | ap-northeast-2 (amazon.com),选择创建存储库:
接下来,以公有存储库为例,介绍如何使用。
设置好存储库名字之后,直接选择创建存储库
即可,接下来就能看到已经创建的公有存储库:
第二步、安装Amazon CLI
接下来就是如何使用存储库。在使用之前,需要安装Amazon CLI
,对于Linux
来说,运行以下命令:
1 2 3 |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install |
安装完成之后,运行/usr/local/bin/aws --version
查看安装版本:
aws-cli/2.16.4 Python/3.11.8 Linux/3.10.0-1160.108.1.el7.x86_64 exe/x86_64.centos.7
然后需要配置访问凭证,首先打开安全凭证 | IAM | Global (amazon.com),选择创建访问密钥:
保存获取到的密钥:
然后在终端输入aws configure
,将上面获取到的密钥输入。
1 2 3 4 5 |
[opc@instance-20240410-1646 ~]$ aws configure AWS Access Key ID [None]: AKIA6GBMAWOAI33 AWS Secret Access Key [None]: 7I2uz2L9gdTw4kJr1dLaSsmXWN1 Default region name [None]: us-east-1 Default output format [None]:json |
第三步、推送镜像
接下来,点击存储库名称,进入存储库配置界面,选择查看推送命令:
找到第一条命令,在终端上输入即可:
1 2 3 4 5 6 |
[opc@instance-20240410-1646 ~]$ aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/f6xxxx WARNING! Your password will be stored unencrypted in /home/opc/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded |
然后,我们以自定义的Dockerfile
为例,讲解如何使用存储库。首先,新建一个Dockerfile
,内容为:
1 2 3 4 5 6 7 8 |
# 使用一个基础镜像 FROM alpine:latest # 设置镜像作者信息 LABEL maintainer="machunjie" # 执行打印 "Hello, World!" CMD echo "Hello, World!" |
然后执行:
sudo docker build -t machunjie_docker .
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[opc@instance-20240410-1646 aws_docker]$ sudo docker build -t machunjie_docker . [+] Building 4.1s (5/5) FINISHED docker:default => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 259B 0.0s => [internal] load metadata for docker.io/library/alpine:latest 2.6s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [1/1] FROM docker.io/library/alpine:latest@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 1.2s => => resolve docker.io/library/alpine:latest@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 0.0s => => sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 1.85kB / 1.85kB 0.0s => => sha256:216266c86fc4dcef5619930bd394245824c2af52fd21ba7c6fa0e618657d4c3b 528B / 528B 0.0s => => sha256:1d34ffeaf190be23d3de5a8de0a436676b758f48f835c3a2d4768b798c15a7f1 1.47kB / 1.47kB 0.0s => => sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f 3.62MB / 3.62MB 0.4s => => extracting sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f 0.7s => exporting to image 0.1s => => exporting layers 0.0s => => writing image sha256:0b46dc45cd1d5a1d25913957b9635ed9bf0898c586d56ef7734af74142198e1a 0.1s => => naming to docker.io/library/machunjie_docker |
然后运行:sudo docker tag machunjie_docker:latest public.ecr.aws/f6t4a9n0/machunjie_docker:latest
生成Docker
镜像之后,接下来进行推送:
sudo docker push public.ecr.aws/f6t4a9n0/machunjie_docker:latest