Docker Hub is a cloud-based repository in which Docker users and partners create, test, store and distribute container images. Through Docker Hub, a user can access public, open source image repositories, as well as use a space to create their own private repositories, automated build functions, webhooks and work groups.
For example, a DevOps professional can download the official PostgreSQL object-relational database management system container image from Docker Hub to use in an application deployed in containers. Or, they can choose a customized RDBMS from their company's private repository.
Docker Hub is a cloud-hosted version of Docker Registry. A Docker user can opt for Docker Registry, which is a stateless, open source and scalable server-side application, if they prefer to maintain the storage and distribution of Docker images instead of relying on Docker's service.
How Docker Hub repositories work
Image repositories are spaces within Docker Hub wherein users upload and store container images. Public repositories enable users to share and collaborate on container images. Private repositories protect any sensitive or proprietary data from unauthorized persons.
To push an image to Docker Hub, a user must do the following:
- Set the environment variable in the Docker terminal to her Docker ID, which is the username shared between Docker Hub and Docker Cloud.
- Log into Docker Cloud with the docker login command.
- Tag the specified image using docker tag.
- Push the image to Docker Hub with docker push.
- Check Docker Cloud to ensure the image appears in her repository.
A user pulls an image from Docker Hub with the docker pull command.
Container images stored in repositories on Docker Hub feature tags, which categorize the images under relevant headings, such as the base OS version, container function and whether it is the most recent update of the image, with the designation latest.
If the images do not carry tags, :latest is used by default. Docker images can consist of multiple layers, which can be reused by images. For example, a user may have customized the 'latest' version of a RancherOS image -- rancher:user; pulling this image will pull both the latest version of the RancherOS image and the user's image's metadata -- but not the layers, because they are already downloaded via the rancher:latest image.
Images can also be pulled from Docker Hub as digests, which are immutable versions of an image that may not be the latest version. Pulling a digest ensures that the image in use is always the same. A digest name is used in place of a tag name in the docker pull command. Using image digests disallows Docker to pull any updates to the image, such as security improvements; any desired updates must be changed directly in the digest.
Additionally, a user may access images in other registries by specifying the designated registry path -- similar to a URL, but lacking a protocol specifier -- in the docker pull command. A user may also pull multiple images from a repository by adding -a or --all-tags to the docker pull command. Cancelling a pull requires the command CTRL-C while the docker pull command is running.
Docker Official Repositories provide base images for common programming languages, data volumes and OSes. These images are updated to include the most recent security and functionality patches. Software vendors can distribute official images via Docker's curated repos, or choose to share them with users via public corporate accounts on Docker Hub.
Docker Hub allows users to interact with each other through a comment system attached to repositories; comments are not supported on individual images. A user can also star repositories, a feature which acts as both a bookmarking system and a statement of appreciation.
Private repository owners have the option to give other users access to their repository. Collaborators only have access to push and pull images to and from the repository and cannot make any administrative changes.
Docker Hub provides users with a webhook feature. Webhooks are automated HTTP callbacks triggered by user-designated events. Docker Hub repository owners can use webhooks to notify any person, application or service that uses the respective images.
Webhooks are also capable of functioning in cascading chains. For example, a user uploads a new container image, which triggers a testing application or tool to run its test; if the test is successful, completion will trigger container deployment; the successful container deployment triggers a final webhook to log the changes in a separate tool.
Docker Hub pricing
The free version of Docker Hub allows for one private repository. Nonpaying users are otherwise restricted to public repositories.
Docker Inc. offers several paid plans, segmented by the number of private repositories and parallel builds allowed. The company also gives paid users Docker Security Scanning to check private repository images for security vulnerabilities or exposures.