I'm confused as to the difference between docker registries and repositories. It seems like the Docker documentation uses the two words interchangeably. Also, repositories are sometimes referred to as images, such as this from their docs:
In order to push a repository to its registry, you need to have named
an image or committed your container to a named image as we saw here.
Now you can push this repository to the registry designated by its
name or tag.
How can you push a repository to a registry? Aren't you pushing the image to the repository?
Docker registry is a service that is storing your docker images.
Docker registry could be hosted by a third party, as public or private registry, like one of the following registries:
- Docker Hub,
- Quay,
- Google Container Registry,
- AWS Container Registry
or you can host the docker registry by yourself
(see https://docs.docker.com/docker-trusted-registry/ for more details).
Docker repository is a collection of different docker images with same name, that have different tags. Tag is alphanumeric identifier of the image within a repository.
For example see https://hub.docker.com/r/library/python/tags/. There are many different tags for the official python image, these tags are all members of the official python repository on the Docker Hub. Docker Hub is a Docker Registry hosted by Docker.
To find out more read:
- https://docs.docker.com/registry/
- https://github.com/docker/distribution
From the book Using Docker, Developing and deploying Software with Containers
Registries, Repositories, Images, and Tags
There is a hierarchical system for storing images.
The following terminology is used:
Registry
A service responsible for hosting and distributing images. The default registry is the Docker Hub.
Repository
A collection of related images (usually providing different versions of the same application or service).
Tag
An alphanumeric identifier attached to images within a repository (e.g., 14.04 or stable ).
So the command docker pull amouat/revealjs:latest
will download the image tagged latest within the amouat/revealjs
repository from the Docker Hub registry.
Complementing the information:
- You usually push a repository to a registry (and all images that are part of it). But you can push a single image to a registry. In all cases, you use
docker push
.
- An image has a 12-hex-digit Image ID, but is also identified by:
namespace/repo-name:tag
- The image full name can be optionally prefixed by the registry host name and port:
myregistryhost:5000/namespace/repo-name:tag
- A common naming convention is to use your registry user-name as what I called "namespace".
A docker repository is a cute combination of registry
and image
.
docker tag foo <registry>/<image>:<tag>
is the same as
docker tag foo <repository>:<tag>
Docker Registry is a service, which you can either host yourself (Trusted and Private) or you can let docker hub be the host for this service. Usually, if your software is commercial, you will have hosted this as a "Private and Trusted" registry. For Java Developers, this is somewhat analogous to Maven Artifactory setup.
Docker Repository is a set of "Tagged" images. An example is that you might have tagged 5 of ubuntu:latest
images:
a) Nano editor (image1_tag:v1)
b) A specific software 1 (image1_tag:v2)
c) Sudo (image1_tag:v3)
d) apache http daemon (image1_tag:v4)
e) tomcat (image1_tag:v5)
You can use docker push
command to push each of the above images to your repository. As long as the repository names match, they will be pushed successfully, and appear under your chosen repository and correctly tagged.
Now, your question is, "So where is this repository hosted/who is managing the service"? That is where Docker Registry comes into picture. By default you will get a docker hub registry (Open Source) which you can use to keep your private/public repository. So without any modification, your images will be pushed to your private repository in docker hub. An example output when you pushing your image tags are the following:
docker@my-docker-vm:/$ docker push mydockerhub/my-helloworld-repo:my_tag
The push refers to repository [docker.io/mydockerhub/my-helloworld-repo]
bf41e934d39d: Pushed
70d93396f87f: Pushed
6ec525dfd060: Pushed
705419d10b13: Pushed
a4aaef726d02: Pushed
04964fddc946: Pushed
latest: digest: sha256:eb93c92351bce785aa3ec0de489cfeeaafd55b7d90adf95ecea02629b376e577 size: 1571
docker@my-docker-vm:/$
And if you type immediately docker images --digests -a
you can confirm that your pushed image tags are now showing new signature against the private repository managed by docker hub registry.
Docker Hub and other third party repository hosting services are called “registries”. A registry stores a collection of repositories.
As a registry can have many repositories and a repository can have many different versions of the same image which are individually versioned with tags.