I know it is possible to access the docker api and the following command works just fine:curl -s --unix-socket /var/run/docker.sock http:/v1.24/containers/$HOSTNAME/json | jq -r '.Image'
However, I would really like avoid exposing the docker.sock
to the container itself because it is part of a CI build. Is there any other way of retrieving the container image id / hash (i.e. 2acdef41a0c
) from within a container itself without exposing the docker.sock
and making a curl
request to it?
Maybe something like what's shown here Docker, how to get container information from within the container ?
You can pull it by image name and tag. You can replace the tag with a digest. My assumption is that digest is unique per repository so in this case, I am not sure why still the name is required when pulling the image.
The Docker image digest SHA is a critical piece of evidence that makes a container and the content unique. You get the Docker image digest SHA from an image stored in a docker registry. Easy to do if the image has been pulled, just run docker image ls <image> –digests.
A Docker image's ID is a digest, which contains an SHA256 hash of the image's JSON configuration object. Docker creates intermediate images during a local image build, for the purposes of maintaining a build cache. An image manifest is created and pushed to a Docker registry when an image is pushed.
This sets IMAGE env var inside a container:
docker run --rm -it -e IMAGE=$(docker images ubuntu:bionic --format {{.ID}}) ubuntu:bionic
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With