你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Azure 容器注册表 .NET 客户端库 - 版本 1.1.0
Azure 容器注册表允许在专用注册表中存储和管理所有类型的容器部署的容器映像和项目。
使用 Azure 容器注册表客户端库执行以下操作:
- 列出注册表中的映像或项目
- 获取图像和项目、存储库和标记的元数据
- 设置注册表项的读取/写入/删除属性
- 删除图像和项目、存储库和标记
源代码 | 包 (NuGet) | API 参考文档 | REST API 文档 | 产品文档
入门
若要开发可连接到 Azure 容器注册表实例的 .NET 应用程序代码,则需要 Azure.Containers.ContainerRegistry 库。
安装包
使用 NuGet 安装适用于 .NET 的 Azure 容器注册表客户端库:
dotnet add package Azure.Containers.ContainerRegistry
先决条件
应用程序需要 Azure 订阅 和 容器注册表服务实例 才能连接到。
若要创建新的容器注册表,可以使用 Azure 门户、Azure PowerShell或 Azure CLI。 下面是使用 Azure CLI 创建新注册表的示例:
az acr create --name myregistry --resource-group myresourcegroup --location westus --sku Basic
验证客户端
若要使应用程序连接到注册表,需要创建一个可向其进行身份验证的 ContainerRegistryClient。 使用 Azure 标识库 可以轻松添加 Azure Active Directory 支持,以便使用相应的 Azure 服务对 Azure SDK 客户端进行身份验证。
在本地开发并调试应用程序时,可以使用自己的用户向注册表进行身份验证。 实现此目的的一种方式是向 Azure CLI 验证你的用户,并从该环境运行应用程序。 如果应用程序使用的客户端已构造为向 DefaultAzureCredential 进行身份验证,则它将正确地向指定终结点上的注册表进行身份验证。
// Create a ContainerRegistryClient that will authenticate to your registry through Azure Active Directory
Uri endpoint = new Uri("https://myregistry.azurecr.io");
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential(),
new ContainerRegistryClientOptions()
{
Audience = ContainerRegistryAudience.AzureResourceManagerPublicCloud
});
有关在本地和部署环境中使用 DefaultAzureCredential进行身份验证的更多方法,请参阅 Azure 标识自述文件。 若要连接到非公共 Azure 云中的注册表,请参阅以下示例。
有关将 AAD 与 Azure 容器注册表 配合使用的详细信息,请参阅服务的身份验证概述。
关键概念
注册表存储 Docker 映像和 OCI 项目。 映像或项目由清单和各层组成 。 图像清单描述构成图像的层,并由其 摘要唯一标识。 还可以对图像进行“标记”,为其提供可读别名。 图像或项目可以具有零个或多个与之关联的 标记 ,并且每个标记唯一标识图像。 共享同名但具有不同标记的映像集合称为 存储库。
有关详细信息,请参阅 容器注册表概念。
线程安全
我们保证所有客户端实例方法都是线程安全的,并且相互独立, (准则) 。 这可确保 重复使用客户端实例的建议 始终是安全的,即使跨线程也是如此。
其他概念
客户端选项 | 访问响应 | 长时间运行的操作 | 处理失败 | 诊断 | 嘲笑 | 客户端生存期
示例
以下代码片段演示了使用 ACR SDK 库的常见开发人员方案的简短示例。
请注意,每个示例都假定有一个 REGISTRY_ENDPOINT 环境变量设置为包含 https:// 前缀和登录服务器名称的字符串,例如“https://myregistry.azurecr.io"”。
同步示例
- 注册表操作:
异步示例
高级身份验证
注册表操作
此隔离包含 ContainerRegistryClient 示例。
列出存储库
循环访问注册表中的存储库集合。
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
// Get the collection of repository names from the registry
Pageable<string> repositories = client.GetRepositoryNames();
foreach (string repository in repositories)
{
Console.WriteLine(repository);
}
列出具有匿名访问的标记
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient for anonymous access
ContainerRegistryClient client = new ContainerRegistryClient(endpoint);
// Obtain a RegistryArtifact object to get access to image operations
RegistryArtifact image = client.GetArtifact("library/hello-world", "latest");
// List the set of tags on the hello_world image tagged as "latest"
Pageable<ArtifactTagProperties> tags = image.GetAllTagProperties();
// Iterate through the image's tags, listing the tagged alias for the image
Console.WriteLine($"{image.FullyQualifiedReference} has the following aliases:");
foreach (ArtifactTagProperties tag in tags)
{
Console.WriteLine($" {image.RegistryEndpoint.Host}/{image.RepositoryName}:{tag}");
}
编辑项目属性
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient and RegistryArtifact to access image operations
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
RegistryArtifact image = client.GetArtifact("library/hello-world", "latest");
// Set permissions on the v1 image's "latest" tag
image.UpdateTagProperties("latest", new ArtifactTagProperties()
{
CanWrite = false,
CanDelete = false
});
删除映像
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
// Iterate through repositories
Pageable<string> repositoryNames = client.GetRepositoryNames();
foreach (string repositoryName in repositoryNames)
{
ContainerRepository repository = client.GetRepository(repositoryName);
// Obtain the images ordered from newest to oldest
Pageable<ArtifactManifestProperties> imageManifests =
repository.GetAllManifestProperties(manifestOrder: ArtifactManifestOrder.LastUpdatedOnDescending);
// Delete images older than the first three.
foreach (ArtifactManifestProperties imageManifest in imageManifests.Skip(3))
{
RegistryArtifact image = repository.GetArtifact(imageManifest.Digest);
Console.WriteLine($"Deleting image with digest {imageManifest.Digest}.");
Console.WriteLine($" Deleting the following tags from the image: ");
foreach (var tagName in imageManifest.Tags)
{
Console.WriteLine($" {imageManifest.RepositoryName}:{tagName}");
image.DeleteTag(tagName);
}
image.Delete();
}
}
异步列出存储库
异步 API 与其同步 API 相同,但方法以标准 .NET“Async”后缀结尾,并返回一个 Task。
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
// Get the collection of repository names from the registry
AsyncPageable<string> repositories = client.GetRepositoryNamesAsync();
await foreach (string repository in repositories)
{
Console.WriteLine(repository);
}
以异步方式列出具有匿名访问的标记
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient for anonymous access
ContainerRegistryClient client = new ContainerRegistryClient(endpoint);
// Obtain a RegistryArtifact object to get access to image operations
RegistryArtifact image = client.GetArtifact("library/hello-world", "latest");
// List the set of tags on the hello_world image tagged as "latest"
AsyncPageable<ArtifactTagProperties> tags = image.GetAllTagPropertiesAsync();
// Iterate through the image's tags, listing the tagged alias for the image
Console.WriteLine($"{image.FullyQualifiedReference} has the following aliases:");
await foreach (ArtifactTagProperties tag in tags)
{
Console.WriteLine($" {image.RegistryEndpoint.Host}/{image.RepositoryName}:{tag}");
}
异步设置项目属性
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient and RegistryArtifact to access image operations
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
RegistryArtifact image = client.GetArtifact("library/hello-world", "v1");
// Set permissions on the image's "latest" tag
await image.UpdateTagPropertiesAsync("latest", new ArtifactTagProperties()
{
CanWrite = false,
CanDelete = false
});
异步删除映像
// Get the service endpoint from the environment
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
// Create a new ContainerRegistryClient
ContainerRegistryClient client = new ContainerRegistryClient(endpoint, new DefaultAzureCredential());
// Iterate through repositories
AsyncPageable<string> repositoryNames = client.GetRepositoryNamesAsync();
await foreach (string repositoryName in repositoryNames)
{
ContainerRepository repository = client.GetRepository(repositoryName);
// Obtain the images ordered from newest to oldest
AsyncPageable<ArtifactManifestProperties> imageManifests =
repository.GetAllManifestPropertiesAsync(manifestOrder: ArtifactManifestOrder.LastUpdatedOnDescending);
// Delete images older than the first three.
await foreach (ArtifactManifestProperties imageManifest in imageManifests.Skip(3))
{
RegistryArtifact image = repository.GetArtifact(imageManifest.Digest);
Console.WriteLine($"Deleting image with digest {imageManifest.Digest}.");
Console.WriteLine($" Deleting the following tags from the image: ");
foreach (var tagName in imageManifest.Tags)
{
Console.WriteLine($" {imageManifest.RepositoryName}:{tagName}");
await image.DeleteTagAsync(tagName);
}
await image.DeleteAsync();
}
}
Blob 和清单操作
本部分包含的示例 ContainerRegistryContentClient 演示如何上传和下载图像。
首先,创建 Blob 客户端。
// Get the service endpoint from the environment
Uri endpoint = new(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
string repository = "sample-oci-image";
string tag = "demo";
// Create a new ContainerRegistryContentClient
ContainerRegistryContentClient client = new(endpoint, repository, new DefaultAzureCredential());
上传图像
若要上传完整映像,需要上传单个层和配置。 之后,我们可以上传描述图像或项目的清单,并为其分配标记。
// Create a manifest to list files in this image
OciImageManifest manifest = new(schemaVersion: 2);
// Upload a config file
BinaryData config = BinaryData.FromString("Sample config");
UploadRegistryBlobResult uploadConfigResult = await client.UploadBlobAsync(config);
// Update manifest with config info
manifest.Configuration = new OciDescriptor()
{
Digest = uploadConfigResult.Digest,
SizeInBytes = uploadConfigResult.SizeInBytes,
MediaType = "application/vnd.oci.image.config.v1+json"
};
// Upload a layer file
BinaryData layer = BinaryData.FromString("Sample layer");
UploadRegistryBlobResult uploadLayerResult = await client.UploadBlobAsync(layer);
// Update manifest with layer info
manifest.Layers.Add(new OciDescriptor()
{
Digest = uploadLayerResult.Digest,
SizeInBytes = uploadLayerResult.SizeInBytes,
MediaType = "application/vnd.oci.image.layer.v1.tar"
});
// Finally, upload the manifest file
await client.SetManifestAsync(manifest, tag);
下载映像
若要下载完整映像,需要下载其清单,然后下载单个层和配置。
// Download the manifest to obtain the list of files in the image
GetManifestResult result = await client.GetManifestAsync(tag);
OciImageManifest manifest = result.Manifest.ToObjectFromJson<OciImageManifest>();
string manifestFile = Path.Combine(path, "manifest.json");
using (FileStream stream = File.Create(manifestFile))
{
await result.Manifest.ToStream().CopyToAsync(stream);
}
// Download and write out the config
DownloadRegistryBlobResult configBlob = await client.DownloadBlobContentAsync(manifest.Configuration.Digest);
string configFile = Path.Combine(path, "config.json");
using (FileStream stream = File.Create(configFile))
{
await configBlob.Content.ToStream().CopyToAsync(stream);
}
// Download and write out the layers
foreach (OciDescriptor layerInfo in manifest.Layers)
{
string layerFile = Path.Combine(path, TrimSha(layerInfo.Digest));
using (FileStream stream = File.Create(layerFile))
{
await client.DownloadBlobToAsync(layerInfo.Digest, stream);
}
}
static string TrimSha(string digest)
{
int index = digest.IndexOf(':');
if (index > -1)
{
return digest.Substring(index + 1);
}
return digest;
}
删除清单
GetManifestResult manifestResult = await client.GetManifestAsync(tag);
await client.DeleteManifestAsync(manifestResult.Digest);
删除 Blob
GetManifestResult result = await client.GetManifestAsync(tag);
OciImageManifest manifest = result.Manifest.ToObjectFromJson<OciImageManifest>();
foreach (OciDescriptor layerInfo in manifest.Layers)
{
await client.DeleteBlobAsync(layerInfo.Digest);
}
高级身份验证
在国家云中进行身份验证
若要使用 国家云中的注册表进行身份验证,需要对客户端配置进行以下添加:
AuthorityHost在凭据选项中或通过环境变量设置AZURE_AUTHORITY_HOST- 在 中
Audience设置ContainerRegistryClientOptions
// Create a ContainerRegistryClient that will authenticate through AAD in the China national cloud
Uri endpoint = new Uri(Environment.GetEnvironmentVariable("REGISTRY_ENDPOINT"));
ContainerRegistryClient client = new ContainerRegistryClient(endpoint,
new DefaultAzureCredential(
new DefaultAzureCredentialOptions()
{
AuthorityHost = AzureAuthorityHosts.AzureChina
}),
new ContainerRegistryClientOptions()
{
Audience = ContainerRegistryAudience.AzureChina
});
疑难解答
有关如何诊断各种故障方案的详细信息,请参阅故障排除 指南 。
后续步骤
- 进一步了解 Azure.Containers.ContainerRegistry 和 我们的示例。
- 观看 演示或深入探讨视频。
- 详细了解Azure 容器注册表服务。
贡献
本项目欢迎贡献和建议。 大多数贡献要求你同意贡献者许可协议 (CLA),并声明你有权(并且确实有权)授予我们使用你的贡献的权利。 有关详细信息,请访问 cla.microsoft.com。
此项目采用了 Microsoft 开放源代码行为准则。 有关详细信息,请参阅行为准则常见问题解答,或如果有任何其他问题或意见,请与 联系。
