Inside a container registry: The mechanics of push and pull

You've come across containers, Dockerfiles, and registries. Containers have become ubiquitous today, and understanding how images are pushed or pulled from a registry is essential. An image consists of an index, manifest, config, and layers. The index outlines the platform-specific manifests, while the manifest contains the layer digests and config. Layers are compressed filesystems containing binaries and dependencies. To pull an image, clients fetch the tag index digest, index itself, platform manifest, config, and layers in this order. For private registries, clients obtain authorization information from a token server endpoint. The authentication mechanism is repeated for each component of the image. Pushing an image involves uploading components in reverse order, using either monolithic or chunked upload approaches.