Introduction to Docker Pull
The ‘docker pull’ is a Docker command to download a Docker image or a repository locally on the host from a public or private registry. When we run any container and the specified Docker image is not present locally then it first pulls it from the registry. Most of the time images are downloaded from a public registry that is ‘hub.docker.com’ when we create our own custom Docker images as we use the official Docker image as a base image. There are different flags available in this command, however, a few are only works in the newer version.
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
–all-tags, -a: It is used to download all images with different tags in that repository.
–disable-content-trust: It will skip image verification before pulling it.
–platform: It is used to set platform.
–quiet, -q: It is used to pull images silently (no verbose).
–help: It helps us to know more about the command if we forget.
docker pull --help
How Pull Command works in Docker?
When we run the pull command from the command line, it first checks locally or on the host for the images and if the image does not exist locally then the Docker daemon connects to the public registry ‘hub.docker.com’ if there is no private registry mentioned in the ‘daemon.json’ file and pulls the Docker image mentioned in the command and if it finds the image locally then it checks for the updates and downloads newer version of the image. It actually matches the digest of the image behind the scene. Also, if we don’t mention the tag then it pulls the image with the ‘latest’ tag by default.
If we are trying to access the registry behind the proxy server then we need to configure the Docker daemon’s proxy settings by setting environment variables on a host using systemd.
We can pull only 3 layers of an image simultaneously using this pull command by default and if we have to download an image having more layers then there might be a chance where it can throw a timeout issue if the internet connection is slow. We can adjust the ‘–max-concurrent-downloads’ option in the ‘daemon.json’ file.
Let’s understand the command with a few examples.
Scenario: – Different ways to pull Docker images from Docker Hub.
1. Pull the ‘alpine’ image without any tag as shown below:
docker pull alpine
In the above example, we can see that if we don’t provide any tag, the Docker daemon pulls the image with the ‘latest’ tag by default and pull the image only if there is an image that exists with the latest tag.
2. Pull image with a specific tag, for example, we will pull the same ‘alpine’ image with a different tag i.e. ‘edge’ as shown below: –
docker pull alpine:edge
In the above example, we can see that we have specified the tag after ‘:’ so we can specify any tag that you want to download, it might be a version like 3, 3.12, 3.12.0, etc. We can browse the public repository for available tags of any image.
3. We can even pull images by digest. We can see that there is a key called digest when we pull the images in the above examples, so we can use that digest to pull the image as shown below: –
docker pull alpine@sha256:3e92a8388546f6b15943678d323afdbbf1d950368264e0317b45e469dfa81d53
In the above example, we have pulled the ‘alpine:edge’ image but using the digest and we have to use ‘@’ after image name instead of ‘:’. Pulling the image using digest is very helpful if the application is supported to any specific Docker image because there is a newer version of the same image and with the same tag is getting updated so the application might break.
Let’s pull another image named ‘ubuntu’ using tag and digest as shown below: –
docker pull ubuntu:20.04
docker pull ubuntu@sha256:bc2f7250f69267c9c6b66d7b6a81a54d3878bb85f1ebb5f951c896d13e6ba537
In the above example, we have first used the tag to download the image and then used the digest of the same image to pull the image and we can see the status that says ‘Image is up to date …..’ because we are pulling the same image.
Scenario #1: Pull the Image from a Different Registry or Private Registry
- As we know, the pull command downloads images from Docker hub by default, however, we can pull images from our private registry or any different registry, just we have to specify the path of that registry while pulling the image from that registry, for example, if we already have a registry running as a container on the same server, we can use below command to pull Docker images from that local registry.
docker pull localhost:5000/alpine
In the above snapshot, we can see that we have first mentioned the path of the registry followed by repository name and then tag and the path is nothing but the URL of that server without a protocol specifier (https://).
The important thing is the image must be available on the private registry. For purpose of this example, first tagged an existing alpine image with the name ‘localhost:5000/alpine’ and pushed it to the local registry.
Scenario #2: Pull a Repository with all Available Tags
2. We can use the ‘–all-tags’ or ‘-a’ option to pull all images with different tags at once as the ‘docker pull’ command pulls only one image at a time by default and the command is shown as below: –
docker pull --all-tags alpine
In the above example, we can see that it has started downloading all the images with different tags from the ‘alpine’ repository. We can use the ‘ctrl+c’ keyboard shortcut to interrupt the pull. We can use the ‘docker image ls’ command to verify the same as shown in the below snapshot: –
docker image ls
Scenario #3: Pull the Docker Images which is not signed and content-trust is enabled
We can use the ‘–disable-content-trust’ option to download unverified images as shown below: –
docker pull localhost:5000/alpine
docker pull --disable-content-trust localhost:5000/alpine
In the above snapshot, we can see that the first command thrown an error while pulling the image as the image is not verified and the ‘DOCKER_CONTENT_TRUST’ is enabled, however, when we use the ‘—disable-content-trust’ option, we can pull the image without any error. By default, it is disabled so to test this scenario we can use the ‘export DOCKER_CONTENT_TRUST=1’ command to enable it.
Scenario #4: Pull the Image without any verbose output
We can use the ‘–quiet’ or ‘-q’ option to suppress the verbose output as shown below: –
docker pull -q nginx:alpine
In the above snapshot, we can see that output does not show the different layers that are downloaded or digest or status as we can see those if we pull the image without ‘-q’ option as shown in the below snapshot: –
docker pull nginx:alpine
Advantages of Docker Pull
- It helps to download the images from any registry, it might be a public registry or private registry.
- It can even pull the whole repository if required using the ‘–all-tags’ option.
- It helps to download unsigned Docker images, however, we should aware of risks while doing so.
This is a handy and frequently used command while working with Docker. The ‘–platform’ option only works with experimental features enabled as of now. It is not recommended to download unsigned Docker images if not familiar with the image, like how it works or what it does.
This is a Guide to Docker Pull. Here we discuss the introduction, Scenario, and How Pull Command work in Docker with examples respectively?. You may also have a look at the following articles to learn more –