-
Language:
English
-
Language:
English
Chapter 10. Downloading Squashed Docker Images
Docker images are composed of image layers which include all of the intermediary data used to reach their current state. When iterating on a solution locally on a developer’s machine, layers provide an efficient workflow.
There are scenarios, however, in which the layers cease to be efficient. For example, when deploying software to an ephemeral machine, that machine doesn’t care about the whole layer history, it just needs the end state of the image. This is why Quay.io supports Squashed Images.
10.1. Downloading a Squashed Image
To download a squashed image:
-
Navigate to the
Tags
tab of a QuayRepository View
. For an organization namedabcsales
and a repo namedmyweb
, the URL would behttps://quay.io/repository/abcsales/myweb?tab=tags
) on Quay.io. For a Red Hat Quay registry, replacequay.io
with your registry name. - On the left side of the table, click on the Fetch Tag icon for the tag you want to download. A modal dialog appears with a dropdown for specifying the desired format of the download.
-
Select
Squashed Docker Image
from the dropdown and then select a robot that has read permission to be able to pull the repository. -
Click on the
Copy Command
button. - Paste this command into a shell on the machine where you have a Docker service running.
-
Type
docker images
to see that the image is loaded and read to use.
10.2. Caveats & Warnings
10.2.1. Prime the cache!
When the first pull of a squashed image occurs, the registry streams the image as it is being flattened in real time. Afterwards, the end result is cached and served directly. Thus, it is recommended to pull the first squashed image on a developer machine before deploying, so that all of the production machines can pull the cached result.
10.2.2. Isn’t piping curl insecure?
You may be familiar with installers that pipe curl into bash (curl website.com/installer | /bin/bash
). These scripts are insecure because they allow arbitrary code execution. The Quay script to download squashed images uses curl
to download a tarball that is streamed into docker load
. This is just as secure as running docker pull
because it never executes anything we’ve downloaded from the internet.