dockerdocker-registrydocker-imagedocker-layer

Docker image layer verification


I need to know about offline usage of a registry for docker images.

When a docker image is pulled from the official microsoft site, adjusted, and then pushed to a registry, is it the complete image or are layers missing?

When other hosts pull the image from the registry, which might be used offline, will the client host need an internet connection nonetheless to pull missing/secret layers from the microsoft server? (or is it a full image that was pulled from microsoft and later pushed to the registry?)

What about signatures? Will those get updated automatically for each layer, when the image gets adjusted, applications stored within, etc., so that there are no verification errors when other clients pull the adjusted image from the local registry?


Solution

  • When you build an image from another image docker download the base image locally to your computer you can even save it as a file.

    When you push an image to local registry it pushed the complete image including the base image it was built from.

    When someone will try to pull the new image from your local registry they won't be needing internet access.