NAME¶ 名称
podman-push - Push an image, manifest list or image index from local storage to elsewhere
podman-push - 将图像、清单列表或图像索引从本地存储推送到其他地方
SYNOPSIS¶ 概要
podman push [options] image [destination]
podman push [选项] 图像 [目的地]
podman image push [options] image [destination]
podman image push [选项] 图像 [目的地]
DESCRIPTION¶ 描述
Pushes an image, manifest list or image index from local storage to a specified
destination.
将图像、清单列表或图像索引从本地存储推送到指定目的地。
Image storage¶ 图像存储
Images are pushed from those stored in local image storage.
图像是从本地图像存储中推送的。
DESTINATION¶ 目的地
DESTINATION is the location the container image is pushed to. It supports all transports from containers-transports(5). If no transport is specified, the docker (i.e., container registry) transport is used. For remote clients, including Mac and Windows (excluding WSL2) machines, docker is the only supported transport.
目的地是容器镜像推送到的位置。它支持来自 containers-transports(5) 的所有传输。如果未指定传输方式,则使用 docker (即容器注册表)传输。对于远程客户端,包括 Mac 和 Windows(不包括 WSL2)机器, docker 是唯一支持的传输方式。
# Push to a container registry
$ podman push quay.io/podman/stable
# Push to a container registry via the docker transport
$ podman push docker://quay.io/podman/stable
# Push to a container registry with another tag
$ podman push myimage quay.io/username/myimage
# Push to a local directory
$ podman push myimage dir:/tmp/myimage
# Push to a tarball in the docker-archive format
$ podman push myimage docker-archive:/tmp/myimage
# Push to a local docker daemon
$ sudo podman push myimage docker-daemon:docker.io/library/myimage:33
# Push to a tarball in the OCI format
$ podman push myimage oci-archive:/tmp/myimage
OPTIONS¶ 选项
--authfile=path¶
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS.
The file is created by podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.
认证文件的路径。在 Linux 上默认为 ${XDG_RUNTIME_DIR}/containers/auth.json ,在 Windows/macOS 上默认为 $HOME/.config/containers/auth.json 。该文件由 podman login 创建。如果授权状态未在那里找到,则会检查 $HOME/.docker/config.json ,该值是使用 docker login 设置的。
Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.
注意:还有一种选择,可以通过设置 REGISTRY_AUTH_FILE 环境变量来覆盖认证文件的默认路径。可以通过 export REGISTRY_AUTH_FILE=path 来实现。
--cert-dir=path¶
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d)
For details, see containers-certs.d(5).
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
使用证书路径(*.crt, *.cert, *.key)连接到注册表。 (默认值:/etc/containers/certs.d)有关详细信息,请参阅 containers-certs.d(5)。 (此选项不适用于远程 Podman 客户端,包括 Mac 和 Windows(不包括 WSL2)机器)
--compress¶ --压缩
Compress tarball image layers when pushing to a directory using the ‘dir’ transport. (default is same compression type, compressed or uncompressed, as source)
在使用“dir”传输时,将 tarball 图像层压缩以推送到目录中。(默认与源相同的压缩类型,压缩或未压缩)
Note: This flag can only be set when using the dir transport
注意:此标志仅在使用 dir 传输时才能设置
--compression-format=gzip | zstd | zstd:chunked¶
Specifies the compression format to use. Supported values are: gzip, zstd and zstd:chunked. The default is gzip unless overridden in the containers.conf file.
指定要使用的压缩格式。支持的值为: gzip , zstd 和 zstd:chunked 。除非在 containers.conf 文件中被覆盖,否则默认值为 gzip 。
--compression-level=level¶
Specifies the compression level to use. The value is specific to the compression algorithm used, e.g. for zstd the accepted values are in the range 1-20 (inclusive) with a default of 3, while for gzip it is 1-9 (inclusive) and has a default of 5.
指定要使用的压缩级别。该值特定于所使用的压缩算法,例如对于 zstd,接受的值在范围 1-20(包括 1 和 20)之间,默认值为 3;而对于 gzip,接受的值在范围 1-9(包括 1 和 9)之间,默认值为 5。
--creds=[username[:password]]¶
--creds=[用户名[:密码]] ¶
The [username[:password]] to use to authenticate with the registry, if required.
If one or both values are not supplied, a command line prompt appears and the
value can be entered. The password is entered without echo.
如果需要,用于与注册表进行身份验证的[用户名[:密码]]。如果一个或两个值未提供,将出现命令行提示,并可以输入该值。密码输入时不会显示。
Note that the specified credentials are only used to authenticate against
target registries. They are not used for mirrors or when the registry gets
rewritten (see containers-registries.conf(5)); to authenticate against those
consider using a containers-auth.json(5) file.
请注意,指定的凭据仅用于对目标注册表进行身份验证。它们不用于镜像或注册表被重写时(请参阅 containers-registries.conf(5) );要对其进行身份验证,请考虑使用 containers-auth.json(5) 文件。
--digestfile=Digestfile¶
After copying the image, write the digest of the resulting image to the file.
复制图像后,将生成的图像的摘要写入文件。
--disable-content-trust¶
This is a Docker-specific option to disable image verification to a container
registry and is not supported by Podman. This option is a NOOP and provided
solely for scripting compatibility.
这是一个 Docker 特定选项,用于禁用对容器注册表的镜像验证,不受 Podman 支持。此选项是一个 NOOP,并且仅用于脚本兼容性。
--encrypt-layer=layer(s)¶
Layer(s) to encrypt: 0-indexed layer indices with support for negative indexing (e.g. 0 is the first layer, -1 is the last layer). If not defined, encrypts all layers if encryption-key flag is specified.
要加密的层:支持负索引的 0 索引层索引(例如,0 是第一层,-1 是最后一层)。如果未定义,则在指定 encryption-key 标志时加密所有层。
--encryption-key=key¶
The [protocol:keyfile] specifies the encryption protocol, which can be JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material required for image encryption. For instance, jwe:/path/to/key.pem or pgp:admin@example.com or pkcs7:/path/to/x509-file.
[protocol:keyfile] 指定加密协议,可以是 JWE(RFC7516)、PGP(RFC4880)和 PKCS7(RFC2315),以及图像加密所需的密钥材料。例如,jwe:/path/to/key.pem 或 pgp:admin@example.com 或 pkcs7:/path/to/x509-file。
--force-compression¶
If set, push uses the specified compression algorithm even if the destination contains a differently-compressed variant already.
Defaults to true if --compression-format is explicitly specified on the command-line, false otherwise.
如果设置,即使目标已包含不同压缩变体,推送也会使用指定的压缩算法。如果在命令行上明确指定了 --compression-format ,则默认为 true ,否则为 false 。
--format, -f=format¶
Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
用于推送镜像时使用的清单类型(oci、v2s2 或 v2s1)。
--quiet, -q¶
When writing the output image, suppress progress output
写入输出镜像时,抑制进度输出。
--remove-signatures¶
Discard any pre-existing signatures in the image.
丢弃镜像中任何现有的签名。
--retry=attempts¶
Number of times to retry pulling or pushing images between the registry and
local storage in case of failure. Default is 3.
在发生失败时,重试在注册表和本地存储之间拉取或推送镜像的次数。默认值为 3。
--retry-delay=duration¶ --retry-delay=持续时间 ¶
Duration of delay between retry attempts when pulling or pushing images between
the registry and local storage in case of failure. The default is to start at two seconds and then exponentially back off. The delay is used when this value is set, and no exponential back off occurs.
在发生失败时,拉取或推送镜像在注册表和本地存储之间重试尝试之间的延迟持续时间。默认值是从两秒开始,然后指数级地减少。当设置了此值且没有指数级减少时,将使用延迟。
--sign-by=key¶
Add a “simple signing” signature at the destination using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
使用指定的密钥在目标位置添加“简单签名”签名。(此选项不适用于远程 Podman 客户端,包括 Mac 和 Windows(不包括 WSL2)机器)
--sign-by-sigstore=param-file¶
Add a sigstore signature based on further options specified in a container’s sigstore signing parameter file param-file.
See containers-sigstore-signing-params.yaml(5) for details about the file format.
根据容器的 sigstore 签名参数文件 param-file 中进一步指定的选项添加 sigstore 签名。有关文件格式的详细信息,请参阅 containers-sigstore-signing-params.yaml(5)。
--sign-by-sigstore-private-key=path¶
--使用指定路径的私钥对推送的镜像进行 sigstore 签名
Add a sigstore signature at the destination using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
在目标位置使用指定路径上的私钥添加 sigstore 签名。(此选项不适用于远程 Podman 客户端,包括 Mac 和 Windows(不包括 WSL2)机器)
--sign-passphrase-file=path¶
--sign-passphrase-file=path
If signing the image (using either --sign-by or --sign-by-sigstore-private-key), read the passphrase to use from the specified path.
如果签署图像(使用 --sign-by 或 --sign-by-sigstore-private-key),请从指定路径读取要使用的密码。
--tls-verify¶
Require HTTPS and verify certificates when contacting registries (default: true).
If explicitly set to true, TLS verification is used.
If set to false, TLS verification is not used.
If not specified, TLS verification is used unless the target registry
is listed as an insecure registry in containers-registries.conf(5)
在联系注册表时需要 HTTPS 并验证证书(默认值为 true)。如果显式设置为 true,则使用 TLS 验证。如果设置为 false,则不使用 TLS 验证。如果未指定,则除非目标注册表在 containers-registries.conf(5) 中被列为不安全注册表,否则将使用 TLS 验证。
EXAMPLE¶ 例子 ¶
Push the specified image to a local directory:
将指定的镜像推送到本地目录:
# podman push imageID dir:/path/to/image
Push the specified image to a local directory in OCI format:
将指定的镜像以 OCI 格式推送到本地目录:
# podman push imageID oci-archive:/path/to/layout:image:tag
Push the specified image to a container registry:
将指定的镜像推送到容器注册表:
# podman push imageID docker://registry.example.com/repository:tag
Push the specified image to a container registry and save the digest in the specified file:
将指定的镜像推送到容器注册表,并将摘要保存在指定的文件中:
# podman push --digestfile=/tmp/mydigest imageID docker://registry.example.com/repository:tag
Push the specified image into the local Docker daemon container store:
将指定的镜像推送到本地 Docker 守护程序容器存储中:
# podman push imageID docker-daemon:image:tag
Push the specified image with a different image name using credentials from an alternate authfile path:
使用来自替代 authfile 路径的凭据,将指定的镜像推送为不同的镜像名称:
# podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
Getting image source signatures
Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
4.03 MB / 4.03 MB [========================================================] 1s
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
1.41 KB / 1.41 KB [========================================================] 1s
Writing manifest to image destination
Storing signatures
Push the specified image to a local directory as an OCI image:
将指定的镜像推送到本地目录作为 OCI 镜像:
# podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
Getting image source signatures
Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
71.41 MB / 71.41 MB [======================================================] 9s
Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
1.21 KB / 1.21 KB [========================================================] 0s
Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
3.01 KB / 3.01 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
SEE ALSO¶ 参见 ¶
podman(1), podman-pull(1), podman-login(1), containers-certs.d(5), containers-registries.conf(5), containers-transports(5)