/image-syncer

Docker image synchronization tool for Docker Registry V2 based services

Primary LanguageGoApache License 2.0Apache-2.0

image-syncer

workflow check workflow build Version Go Report Card Github All Releases codecov License

image-syncer is a docker registry tools. With image-syncer you can synchronize docker images from some source registries to target registries, which include most popular public docker registry services.

English | 简体中文

Features

  • Support for many-to-many registry synchronization
  • Supports docker registry services based on Docker Registry V2 (e.g., Alibaba Cloud Container Registry Service, Docker Hub, Quay.io, Harbor, etc.)
  • Network & Memory Only, don't rely on large disk storage, fast synchronization
  • Incremental Synchronization, use a disk file to record the synchronized image blobs' information
  • Concurrent Synchronization, adjustable goroutine numbers
  • Automatic Retries of Failed Sync Tasks, to resolve the network problems while synchronizing
  • Doesn't rely on Docker daemon or other programs

Usage

Install image-syncer

You can download latest binary release here

Compile Manually

go get github.com/AliyunContainerService/image-syncer
cd $GOPATH/github.com/AliyunContainerService/image-syncer

# This will create a binary file named image-syncer
make

Example

# Get usage information
./image-syncer -h

# With this command, configure file path is "./config.json", default target registry is "registry.cn-beijing.aliyuncs.com",
# default target namespace is "ruohe", 6 of goroutine numbers, every failed task will be retried 3 times.
./image-syncer --proc=6 --auth=./auth.json --images=./images.json --namespace=ruohe \
--registry=registry.cn-beijing.aliyuncs.com --retries=3

Configure Files

After v1.2.0, image-syncer supports both YAML and JSON format, and origin config file can be split into "auth" and "images" file. A full list of examples can be found under example, meanwhile the older version of configuration file is still supported via --config flag.

Authentication file

Authentication file holds all the authentication information for each registry, the following is an example of auth.json

{               
    // Authentication fields, each object has a URL as key and a username/password pair as value, 
    // if authentication object is not provided for a registry, access to the registry will be anonymous.
        
    "quay.io": {        // This "registry" or "registry/namespace" string should be the same as registry or registry/namespace used below in "images" field.  
                            // The format of "registry/namespace" will be more prior matched than "registry"
        "username": "xxx",       // Optional, if the value is a string of "${env}" or "$env", image-syncer will try to find the value in environment variables, after v1.3.1       
        "password": "xxxxxxxxx", // Optional, if the value is a string of "${env}" or "$env", image-syncer will try to find the value in environment variables, after v1.3.1
        "insecure": true         // "insecure" field needs to be true if this registry is a http service, default value is false, version of image-syncer need to be later than v1.0.1 to support this field
    },
    "registry.cn-beijing.aliyuncs.com": {
        "username": "xxx",
        "password": "xxxxxxxxx"
    },
    "registry.hub.docker.com": {
        "username": "xxx",
        "password": "xxxxxxxxxx"
    },
    "quay.io/coreos": {     // "registry/namespace" format is supported after v1.0.3 of image-syncer     
        "username": "abc",              
        "password": "xxxxxxxxx",
        "insecure": true  
    }
}

Image sync configuration file

Image sync configuration file defines all the image synchronization rules, the following is an example of images.json

{
    // Rules of image synchronization, each rule is a kv pair of source(key) and destination(value). 

    // The source of each rule should not be empty string.

    // If you need to synchronize images from one source to multi destinations, add more rules.

    // Both source and destination are docker image url (registry/namespace/repository:tag), 
    // with or without tags.

    // For both source and destination, if destination is not an empty string, "registry/namespace/repository" 
    // is needed at least.
    
    // You cannot synchronize a whole namespace or a registry but a repository for one rule at most.

    // The repository name and tag of destination can be deferent from source, which works like 
    // "docker pull + docker tag + docker push"

    "quay.io/coreos/kube-rbac-proxy": "quay.io/ruohe/kube-rbac-proxy",
    "xxxx":"xxxxx",
    "xxx/xxx/xx:tag1,tag2,tag3":"xxx/xxx/xx"

    // If a source doesn't include tags, it means all the tags of this repository need to be synchronized,
    // destination should not include tags at this moment.
    
    // Each source can include more than one tags, which is split by comma (e.g., "a/b/c:1", "a/b/c:1,2,3").

    // If a source includes just one tag (e.g., "a/b/c:1"), it means only one tag need to be synchronized;
    // at this moment, if the destination doesn't include a tag, synchronized image will keep the same tag.
    
    // When a source includes more than one tag (e.g., "a/b/c:1,2,3"), at this moment,
    // the destination should not include tags, synchronized images will keep the original tags.
    // e.g., "a/b/c:1,2,3":"x/y/z".
    
    // When a destination is an empty string, source will be synchronized to "default-registry/default-namespace"
    // with the same repository name and tags, default-registry and default-namespace can be set by both parameters
    // and environment variable.
}	

Parameters

-h  --help       usage information

    --config     set the path of config file, this file need to be created before starting synchronization, default
                 config file is at "current/working/directory/config.json". (This flag can be replaced with flag --auth
                 and --images which for better orgnization.)

    --auth       set the path of authentication file, this file need to be created before starting synchronization, default
                 config file is at "current/working/directory/auth.json". This flag need to be pair used with --images.

    --images     set the path of image rules file, this file need to be created before starting synchronization, default
                 config file is at "current/working/directory/images.json". This flag need to be pair used with --auth.

    --log        set the path of log file, logs will be printed to Stderr by default 

    --namespace  set default-namespace, default-namespace can also be set by environment variable "DEFAULT_NAMESPACE",
                 if they are both set at the same time, "DEFAULT_NAMESPACE" will not work at this synchronization,
                 default-namespace will work only if default-registry is not empty.

    --registry   set default-registry, default-registry can also be set by environment variable "DEFAULT_REGISTRY",
                 if they are both set at the same time, "DEFAULT_REGISTRY" will not work at this synchronization, 
                 default-registry will work only if default-namespace is not empty.

    --proc       number of goroutines, default value is 5

    --records    image-syncer will record the information of synchronized image blobs to a disk file, this parameter will
                 set the path of the records file, default path is "current/working/directory/records", a records file can be 
                 reused to make incremental synchronization if it is really generated by yourself. image-syncer remove the 
                 dependence of records file after v1.1.0

    --retries    number of retries, default value is 2, the retries of failed sync tasks will start after all sync tasks
                 are executed once, reties of failed sync tasks will resolve most occasional network problems during 
                 synchronization

    --os         os list to filter source tags, not works for docker v2 schema1 media, takes no effect if empty
    
    --arch       architecture list to filter source tags, takes no effect if empty

FAQs

Frequently asked questions are listed in FAQs