github.com/rkt/rkt@v1.30.1-0.20200224141603-171c416fac02/Documentation/subcommands/fetch.md

# rkt fetch

rkt uses HTTPS to locate and download remote ACIs and their attached signatures.
If the ACI exists locally, it won't be re-downloaded.

## Fetch with Meta Discovery

The easiest way to fetch an ACI is through meta discovery.
rkt will find and download the ACI and signature from a location that the creator has published on their website.
The [ACI discovery mechanism is detailed in the App Container specification][appc-discovery].

If you have previously trusted the image creator, the image will be downloaded and verified:

```
# rkt fetch coreos.com/etcd:v2.0.0
rkt: searching for app image coreos.com/etcd:v2.0.0
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
rkt: signature verified:
  CoreOS ACI Builder <release@coreos.com>
sha512-fa1cb92dc276b0f9bedf87981e61ecde
```

If you haven't trusted the creator, the image will be downloaded but not verified:

```
# rkt fetch coreos.com/etcd:v2.0.0
rkt: searching for app image coreos.com/etcd:v2.0.0
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
sha512-fa1cb92dc276b0f9bedf87981e61ecde
```
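
The following added example (not rkt's own code) shows how meta discovery maps an image name to the ACI, signature, and public-key URLs, following the `ac-discovery` and `ac-discovery-pubkeys` meta tags of the App Container specification linked above. The hosts, the sample page, the `Discover` function, the regex-based tag matching, and the HTTPS-only filter are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample of a discovery response (e.g. https://example.com/worker?ac-discovery=1).
const samplePage = `<html><head>
<meta name="ac-discovery" content="example.com http://plain.example.com/{name}.{ext}">
<meta name="ac-discovery" content="example.com https://storage.example.com/{os}/{arch}/{name}-{version}.{ext}">
<meta name="ac-discovery-pubkeys" content="example.com https://example.com/pubkeys.gpg">
<meta name="ac-discovery" content="other.org https://mirror.other.org/{name}.{ext}">
</head></html>`

// Simplified matcher for the two discovery tags; a real client would use an HTML parser.
var metaRe = regexp.MustCompile(`<meta\s+name="(ac-discovery(?:-pubkeys)?)"\s+content="([^\s"]+)\s+([^\s"]+)"\s*/?>`)

// Endpoints holds the URLs discovery yields for one image name.
type Endpoints struct{ ACI, Signature, Keys string }

// Discover (hypothetical helper) returns the first matching template and key URL for name.
func Discover(page, name, version, goos, arch string) (Endpoints, error) {
	var ep Endpoints
	for _, m := range metaRe.FindAllStringSubmatch(page, -1) {
		kind, prefix, target := m[1], m[2], m[3]
		// Skip entries for other prefixes and, as this example's own check, non-HTTPS targets.
		if !strings.HasPrefix(name, prefix) || !strings.HasPrefix(target, "https://") {
			continue
		}
		switch {
		case kind == "ac-discovery" && ep.ACI == "":
			base := strings.NewReplacer("{name}", name, "{version}", version, "{os}", goos, "{arch}", arch).Replace(target)
			ep.ACI = strings.Replace(base, "{ext}", "aci", 1)
			ep.Signature = strings.Replace(base, "{ext}", "aci.asc", 1) // detached signature
		case kind == "ac-discovery-pubkeys" && ep.Keys == "":
			ep.Keys = target
		}
	}
	if ep.ACI == "" {
		return ep, fmt.Errorf("no HTTPS ac-discovery template matches %q", name)
	}
	return ep, nil
}

func main() {
	fmt.Println(Discover(samplePage, "example.com/worker", "1.0.0", "linux", "amd64"))
}
```

The image and its signature come from the same template, while the key used to check that signature comes from a separate `ac-discovery-pubkeys` URL, so all three locations are worth reviewing before trusting a prefix.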

## Fetch from Specific Location

If you already know where an image is stored, you can fetch it directly:

```
# rkt fetch https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
sha512-fa1cb92dc276b0f9bedf87981e61ecde
```

## Fetch from a Docker registry

If you want to run an existing Docker image, you can fetch from a Docker registry.
rkt will download and convert the image to ACI.

```
# rkt --insecure-options=image fetch docker://busybox
rkt: fetching image from docker://busybox
rkt: warning: image signature verification has been disabled
Downloading layer: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125
Downloading layer: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2
Downloading layer: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b
Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
sha512-c4010045aec65aefa74770ef2bb648d9
```

Docker images do not support signature verification, which is why the command above disables it with `--insecure-options=image`.

## Image fetching behavior

When fetching, rkt will try to avoid unnecessary network transfers.
For example, if an image is already in the local store, rkt will use HTTP's ETag and Cache-Control to avoid downloading it again unless the image was updated on the remote server.

This behavior can be changed by using the `--pull-policy` flag.
Usage of this flag is detailed in the [image fetching behavior][img-fetch] documentation.

## Authentication

If you want to download an image from a private repository, you will often need to pass credentials to access it.
rkt currently supports authentication for fetching images via the https:// or docker:// protocols.
To specify credentials, you will have to write some configuration files.
You can find the format of the configuration file and examples in the [configuration documentation][configuration].
Note that images downloaded via https:// and images downloaded via docker:// use different configuration kinds.

## Options

| Flag | Default | Options | Description |
| --- | --- | --- | --- |
| `--full` | `false` | `true` or `false` | Print the full image hash after fetching |
| `--signature` | `` | A file path | Local signature file to use in validating the preceding image |
| `--pull-policy` | `new` | `never`, `new`, or `update` | Sets the policy for when to fetch an image. See [image fetching behavior][img-fetch] |

## Global options

See the table with [global options in general commands documentation][global-options].

[appc-discovery]: https://github.com/appc/spec/blob/master/spec/discovery.md
[configuration]: ../configuration.md
[global-options]: ../commands.md#global-options
[img-fetch]: ../image-fetching-behavior.md