有没有办法找到推送到 AWS ECR 的 Docker 镜像的使用年限?
当我使用 请求图像清单时aws ecr batch-get-image --repository some/repo --image-ids "imageDigest=sha256:abcdef...",它会返回带有嵌入清单的 AWS 回复。示例输出
{
"images": [
{
"registryId": "1234",
"imageId": {
"imageDigest": "sha256:abcdef...",
"imageTag": "latest"
}
},
"imageManifest": "<serialised JSON I'll paste below>"
"repositoryName": "some/repo"
}
],
"failures": []
}
AWS 响应中嵌入的序列化 JSON 如下所示:
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 123456,
"digest": "sha256:38f08cc551925935e235c5c94ab3fb89568bd286e3335aa2e05d7bd3ceee4574"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 573764,
"digest": "sha256:06dde66f337b57adcfca48b87d126b99a249765ccf2e09964584befc2890ae79"
}
]
}
我看不到任何元数据表明该图像何时被推送到 ECR。
答案1
事实证明我没有足够的权限(缺乏ecr:列表图像) 使用aws ecr describe-images。有了适当的权限,我可以运行该子命令并查看imagePushedAt。例如
{
"imageDetails": [
{
"imageDigest": "sha256:309b3ae71cf0780232cb013fb77507977625f8fe8cee868feca2649890ae073b",
"repositoryName": "somerepo/someimage",
"registryId": "12345",
"imagePushedAt": 1485358557.0,
"imageSizeInBytes": 8986900
},
{
"imageDigest": "sha256:036a5da0dd8ef4a949293818cb05d15aaa31f2e8d9f464f9376667be9919e646",
"repositoryName": "somerepo/someimage",
"registryId": "12345",
"imagePushedAt": 1485362799.0,
"imageSizeInBytes": 8986643
},
... and so on ...