问题
I'm running a react app in a docker container, on a Coreos server. Let's say it's been pulled from dockerhub from https://hub.docker.com/r/myimages/myapp.
Now I want to check periodically if the dockerhub image for the app container has been updated, to see if the image I'm running locally is behind.
What would be the most efficient way to check if a local docker image is outdated compared to the remote image? All solutions I've found so far are bash scripts or external services that push on an update. I'd like to find a solution that is as native to docker as possible, and would like to refrain from pushing a notification from somewhere else (to alert the server of an updated image).
回答1:
If you are using Docker Hub you could use a Webhook to notify the docker host about a update, and take action over that.
Using the webhook would be the "simple" way to do it (I think) otherwise you would have to do some kind of crawling in the docker pull or as explained by @alebianco comparing some hashs or build/creation dates.
Here is the docs about it: https://docs.docker.com/docker-hub/webhooks/
回答2:
there's an API available for the Docker Hub
You should be able to get the list of tags, and from there the manifest details
edit
I did some digging around, looks like they don't expose any kind of checksum of the image, it's manifest or the layers that compose it.
The closest thing i found is the creation date ... which i wouldn't suggest using if you're trying to make something remotely secure.
Anyway, you need to get an access token first
curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/ubuntu:pull"
extract the token from the response, then you can load the manifest of an image version
curl --header "Authorization: Bearer $TOKEN" https://index.docker.io/v2/library/ubuntu/manifests/latest
look into the history object of the json returned, you'll find a created property.
Then you can get your local image created date with
docker inspect --format "{{json .Created}}" ubuntu:latest
Compare the two and cringe away ...
回答3:
I solved this issue with a crawler that checks either the Dockerfile directly or a from string.
I backed everything into a docker image which could be found in the docker hub.
I simply run the image in my gitlab ci pipeline. If the base image is outdated is prints all newer versions so that you can easily pick the tag.
Link: https://hub.docker.com/r/olafnorge/docker-image-crawler/
来源:https://stackoverflow.com/questions/42137511/how-do-i-check-if-my-local-docker-image-is-outdated-without-pushing-from-somewh