Master Docker Image Management: Search, Pull, Tag, Export, and Registry Publishing

Docker Image Operations

Docker provides a set of commands to manage images. Use docker search to find official images, for example:

[root@docker02 ~]# docker search centos
NAME    DESCRIPTION                     STARS  OFFICIAL  AUTOMATED
centos  The official build of CentOS.   3992   [OK]
ansible/centos7-ansible  Ansible on Centos7  105

Pull an image with docker pull <repository[:tag]>. If no tag is specified, latest is used.

[root@docker02 ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
...

List local images:

[root@docker01 ~]# docker image list
REPOSITORY  TAG     IMAGE ID      CREATED        SIZE
centos      latest  ff426288ea90  3 weeks ago    207MB
nginx       latest  3f8a4339aadd  5 weeks ago    108MB

Export an image to a tar file and import it on another host:

# Export
[root@docker01 ~]# docker image save centos > docker-centos.tar.gz
# Import
[root@docker01 ~]# docker image load -i docker-centos.tar.gz

Delete images using either the repository:tag syntax or the image ID. If a container is using the image, remove the containers first.

# Delete by tag
[root@docker01 ~]# docker rmi centos:latest
# Delete by ID
[root@docker01 ~]# docker rmi ff426288ea90

Inspect image details (stored under /var/lib/docker) to view fields such as REPOSITORY, TAG, IMAGE ID, CREATED, and SIZE. REPOSITORY: image source repository TAG: label for different builds IMAGE ID: unique identifier CREATED: creation timestamp SIZE: image size

Add a new tag to a local image:

# Tagging
[root@docker01 ~]# docker tag centos:latest myrepo/centos:1.0

Creating Custom Images

Start an interactive container, install additional software, then commit the container as a new image:

Run a base container: docker run -it centos Install vim: yum install -y vim Exit the container.

Find the container ID with docker container ls -a.

Commit the container: docker commit <container_id> myrepo/centos-vim Verify the new image appears in docker images.

Dockerfile‑Based Image Build

A Dockerfile defines the steps to assemble an image. Common directives include: FROM: base image MAINTAINER: author information RUN: commands executed during build ADD / COPY: copy files into the image (COPY is preferred) WORKDIR: set working directory VOLUME: declare mount points EXPOSE: declare listening ports ENV: set environment variables ARG: build‑time arguments LABEL: add metadata ENTRYPOINT and CMD: define container start command (last CMD or ENTRYPOINT wins)

Example Dockerfile that installs kodexplorer on CentOS 6.8:

FROM centos:6.8
RUN yum install -y wget unzip php php-gd php-mbstring && yum clean all
WORKDIR /var/www/html/
RUN wget -c http://static.kodcloud.com/update/download/kodexplorer4.25.zip
RUN unzip kodexplorer4.25.zip && rm -f kodexplorer4.25.zip
RUN chown -R apache.apache .
CMD ["/usr/sbin/apachectl","-D","FOREGROUND"]

Build and run the image:

# Build
[root@docker01 base]# docker build -t centos6.8-ssh .
# Run
[root@docker01 base]# docker run -d -p 2022:22 centos6.8-ssh

Publishing Docker Images

Public Docker Hub

After logging in with docker login, tag the image with your Docker Hub username and push it:

# Tag
[root@docker01 ~]# docker tag chaoyu/centos-vim peng104/centos-vim
# Push
[root@docker01 ~]# docker push peng104/centos-vim:latest

Private Registry

Run the official registry image to host a private repository:

# Pull registry image
[root@docker01 ~]# docker pull registry
# Start container on port 5000 with a data volume
[root@docker01 ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry

Configure Docker to allow insecure HTTP pushes by editing /etc/docker/daemon.json and restarting the daemon.

{
  "insecure-registries": ["192.168.11.37:5000"]
}
# Restart Docker
systemctl restart docker

Tag and push an image to the private registry:

# Tag for private registry
[root@docker01 ~]# docker tag centos:6.8 192.168.11.37:5000/centos6.8
# Push
[root@docker01 ~]# docker push 192.168.11.37:5000/centos6.8

Registry with Basic Authentication

Install httpd-tools to generate an htpasswd file, then start the registry with authentication variables:

# Install tools
[root@docker01 ~]# yum install -y httpd-tools
# Create password file
mkdir -p /opt/registry-var/auth && htpasswd -Bbn clsn 123456 > /opt/registry-var/auth/htpasswd
# Run registry with auth
[root@docker01 ~]# docker run -d -p 5000:5000 \
  -v /opt/registry-var/auth/:/auth/ \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry

Login and push an image:

# Login
[root@docker01 ~]# docker login 10.0.0.100:5000
Username: clsn
Password: 123456
# Push
[root@docker01 ~]# docker push 10.0.0.100:5000/clsn/busybox

Harbor (Enterprise‑grade Registry)

Harbor provides a web UI, project management, and role‑based access. Install Docker and Docker‑Compose, download the offline installer, configure harbor.cfg with hostname and admin password, then run the install script.

# Download and extract
cd /opt && wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.3.0.tgz
 tar xf harbor-offline-installer-v1.3.0.tgz
# Edit configuration
vim harbor/harbor.cfg   # set hostname and admin password
# Install
cd harbor && ./install.sh

After installation, access the UI (e.g., http://10.0.0.11), create a project, tag an image with the project path, and push it:

# Tag for Harbor project
[root@docker02 ~]# docker tag centos:6.8 10.0.0.100/clsn/centos6.8:1.0
# Login to Harbor
[root@docker02 ~]# docker login 10.0.0.100
Username: admin
Password: ****
# Push
[root@docker02 ~]# docker push 10.0.0.100/clsn/centos6.8

This comprehensive workflow enables developers and operations teams to manage Docker images efficiently, from creation and customization to secure distribution across public and private registries.