Amazon Elastic Container Registry (Amazon ECR) 是一种安全的亚马逊云科技托管容器映像注册表服务, 可扩展且可靠。Amazon ECR 支持具有基于资源的权限的私有存储库。这样,指定的用户或 Amazon EC2 实例就可以访问你的容器存储库和映像。你可以使用首选的 CLI 进行推送、拉取和管理 Docker 映像、Open Container Initiative (OCI) 映像和 OCI 兼容工件。
第一步、创建存储库
打开亚马逊官网,然后注册一个账号,注册是免费的,另外,弹性容器注册表可以免费使用12个月,还是很香的~
注册完成之后,打开Elastic Container Registry | ap-northeast-2 (amazon.com),选择创建存储库:
![](data:image/svg+xml;charset=utf-8,<svg height="605" width="1190" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
接下来,以公有存储库为例,介绍如何使用。
![](data:image/svg+xml;charset=utf-8,<svg height="2946" width="1191" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
设置好存储库名字之后,直接选择创建存储库即可,接下来就能看到已经创建的公有存储库:
![](data:image/svg+xml;charset=utf-8,<svg height="361" width="1192" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
第二步、安装Amazon CLI
接下来就是如何使用存储库。在使用之前,需要安装Amazon CLI,对于Linux来说,运行以下命令:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install
安装完成之后,运行/usr/local/bin/aws --version查看安装版本:
aws-cli/2.16.4 Python/3.11.8 Linux/3.10.0-1160.108.1.el7.x86_64 exe/x86_64.centos.7
然后需要配置访问凭证,首先打开安全凭证 | IAM | Global (amazon.com),选择创建访问密钥:
![](data:image/svg+xml;charset=utf-8,<svg height="281" width="1209" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
保存获取到的密钥:
![](data:image/svg+xml;charset=utf-8,<svg height="655" width="1207" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
然后在终端输入aws configure,将上面获取到的密钥输入。
[opc@instance-20240410-1646 ~]$ aws configure AWS Access Key ID [None]: AKIA6GBMAWOAI33 AWS Secret Access Key [None]: 7I2uz2L9gdTw4kJr1dLaSsmXWN1 Default region name [None]: us-east-1 Default output format [None]:json
第三步、推送镜像
接下来,点击存储库名称,进入存储库配置界面,选择查看推送命令:
![](data:image/svg+xml;charset=utf-8,<svg height="361" width="1253" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
找到第一条命令,在终端上输入即可:
[opc@instance-20240410-1646 ~]$ aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/f6xxxx WARNING! Your password will be stored unencrypted in /home/opc/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
然后,我们以自定义的Dockerfile为例,讲解如何使用存储库。首先,新建一个Dockerfile,内容为:
# 使用一个基础镜像 FROM alpine:latest # 设置镜像作者信息 LABEL maintainer="machunjie" # 执行打印 "Hello, World!" CMD echo "Hello, World!"
然后执行:
sudo docker build -t machunjie_docker .
[opc@instance-20240410-1646 aws_docker]$ sudo docker build -t machunjie_docker . [+] Building 4.1s (5/5) FINISHED docker:default => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 259B 0.0s => [internal] load metadata for docker.io/library/alpine:latest 2.6s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [1/1] FROM docker.io/library/alpine:latest@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 1.2s => => resolve docker.io/library/alpine:latest@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 0.0s => => sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd 1.85kB / 1.85kB 0.0s => => sha256:216266c86fc4dcef5619930bd394245824c2af52fd21ba7c6fa0e618657d4c3b 528B / 528B 0.0s => => sha256:1d34ffeaf190be23d3de5a8de0a436676b758f48f835c3a2d4768b798c15a7f1 1.47kB / 1.47kB 0.0s => => sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f 3.62MB / 3.62MB 0.4s => => extracting sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f 0.7s => exporting to image 0.1s => => exporting layers 0.0s => => writing image sha256:0b46dc45cd1d5a1d25913957b9635ed9bf0898c586d56ef7734af74142198e1a 0.1s => => naming to docker.io/library/machunjie_docker
然后运行:sudo docker tag machunjie_docker:latest public.ecr.aws/f6t4a9n0/machunjie_docker:latest
生成Docker镜像之后,接下来进行推送:
sudo docker push public.ecr.aws/f6t4a9n0/machunjie_docker:latest
![](data:image/svg+xml;charset=utf-8,<svg height="662" width="2748" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)