Building and tagging images are local operations. The end result of docker image build and docker image tag is a change to the image cache on the Docker Engine where you run the commands. Images need to be explicitly shared to a registry with the docker image push command.
Docker Hub is available for use without authenticating to pull public images, but to upload images (or pull private images), you need to register for an account. Registration is free at https://hub.docker.com/, which is where you can create a Docker ID that you can use on Docker Hub and other Docker services. Your Docker ID is how you authenticate with the Docker service to access Docker Hub. This is done through the docker login command:
> docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: sixeyed
Password:
Login Succeeded
To push images to Docker Hub, the repository name must contain your Docker ID as the account ID. You can tag an image locally using any account ID – like microsoft/my-app – but you can't push it to Microsoft's organization on the registry. The Docker ID you are logged in with needs to have permission to push to the account on the registry.
When I publish images to go along with this book, I build them with dockeronwindows as the account name in the repository. That's an organization on Docker Hub and my own user account, sixeyed, has access to push images to that organization. When I am logged in as sixeyed, I can push images to repositories belonging to sixeyed or dockeronwindows:
docker image push sixeyed/git:2.17.1-windowsservercore-ltsc2019
docker image push dockeronwindows/ch03-iis-healthcheck:2e
The output from the Docker CLI shows how the image is split into layers, and it tells you the upload status for each layer:
The push refers to repository [docker.io/dockeronwindows/ch03-iis-healthcheck]
55e5e4877d55: Layer already exists
b062c01c8395: Layer already exists
7927569daca5: Layer already exists
...
8df29e538807: Layer already exists
b42b16f07f81: Layer already exists
6afa5894851e: Layer already exists
4dbfee563a7a: Skipped foreign layer
c4d02418787d: Skipped foreign layer
2e: digest: sha256:ffbfb90911efb282549d91a81698498265f08b738ae417bc2ebeebfb12cbd7d6 size: 4291
You can't publish to another user's account, but you can tag another user's images with your own account name. This is a perfectly valid set of commands, which I could run if I wanted to download a specific version of the Windows Server Core image, give it a friendlier name, and make it available on the Hub under that new name in my account:
docker image pull mcr.microsoft.com/windows/servercore:1809_KB4480116_amd64
docker image tag mcr.microsoft.com/windows/servercore:1809_KB4480116_amd64 `
sixeyed/windowsservercore:2019-1811
docker image push sixeyed/windowsservercore:2019-1811
Pushing images to a registry doesn't get any more complex than that for the user, although, under the hood, Docker runs some smart logic. Image layering applies to registries as well as to the local image cache on the Docker host. When you push an image based on Windows Server Core to the Hub, Docker doesn't upload the 4 GB base image – it knows that the base layer already exists on MCR, and it will only upload the layers that are missing on the target registry.
The last example of tagging a public image and pushing it to the public Hub is valid but unlikely – you're much more likely to tag and push images to your own private registry.