Docker image in Container Registry
A Docker image is a template for creating Docker containers. It is an executable package that contains everything you need to run an application: code, runtime environment, libraries, environment variables, and configuration files.
A Docker image consists of layers. Each change is written to a new layer.
-
When pushing or pulling a Docker image, operations are performed only on the layers that were changed.
-
The layers of the source Docker image are shared by all its versions and are not duplicated.
Version control
Docker image version control is carried out using tags and digests.
A tag is assigned by the user. The tag must be unique within a single repository and can be changed. If no tag is specified, Docker CLI assigns the latest tag by default while pushing a Docker image to the registry.
Warning
The tag latest doesn't mean that the Docker image was the latest one pushed.
We don't recommend overwriting tags. Use a unique tag for each Docker image version. This way you can use the same Docker image version on all your VMs with identical specifications and more easily identify causes of problems.
A Docker image can have multiple tags. If you push a new version of the Docker image with an existing tag, it is going to be reused by being deleted from the old Docker image version and written to the new one.
A digest is generated automatically, is unique, and identifies the exact Docker image version.
You can access a specific Docker image version in one of the following ways:
<registry>/<image_name>:<tag><registry>/<image_name>@<digest>
A Docker image and all its versions are stored in a repository.
Use cases
- Running a Docker image on a VM
- Setting up a Yandex Managed Service for PostgreSQL connection from a Serverless Containers container
- Scanning vulnerabilities during continuous deployment of Managed Service for Kubernetes applications using GitLab
- Running a containerized app in Yandex Serverless Containers
- Configuring a fault-tolerant architecture in Yandex Cloud