Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for schema 2 image manifests #5187

Open
2 tasks
anchal-agrawal opened this issue May 19, 2017 · 3 comments
Open
2 tasks

Support for schema 2 image manifests #5187

anchal-agrawal opened this issue May 19, 2017 · 3 comments
Labels
area/docker Support for the Docker operations component/imagec impact/test/integration/enable The test is associated with a disabled integration test kind/debt Problems that increase the cost of other work kind/enhancement Behavior that was intended, but we want to make better priority/p2 team/container

Comments

@anchal-agrawal
Copy link
Contributor

anchal-agrawal commented May 19, 2017
edited
Loading

User Statement:

As a user of VIC engine, I should be able to use images with schema 2 manifests.

Details:

We currently rely on schema 1 fields to obtain image layers and fetch them. Most mainstream images still support schema 1, which is why this issue is not widely evident. For schema 2 manifests, the registry offers backward compatibility with schema 1:

If the manifest being requested uses the new format, and the appropriate media type is not present in an Accept header, the registry will assume that the client cannot handle the manifest as-is, and rewrite it on the fly into the old format.

However, while working on supporting pull-by-digest (#1186), I found that some images when pulled by digest do not offer schema 2 manifests even with the manifest request headers set appropriately. I've seen this issue with two images so far:

  • nginx@sha256:ebd2b85803e78100a582385f7eac56cd367561f0f2bab005f784cda95818d41f
  • busybox@sha256:c79345819a6882c31b41bc771d9a94fc52872fa651b36771fbe0c8461d7ee558 (digest of busybox:latest)

This issue will be masked till #1186 is closed because we pull by the latest tag when pull-by-digest is attempted, and I haven't yet found an image that, when pulled by name/tag, offers only a schema 2 manifest. With the current scope of #1186, we'll be able to pull images that offer schema 1 when pulled by digest. If an image when pulled by name/tag/digest offers only schema 2, the pull operation will fail.

We currently fetch the schema 2 manifest, but only use it to calculate the digest shasum. Estimated as a 5 because the work involves parsing the schema 2 manifest and fetching/building the image. Also, in the schema 2 manifest, layers are ordered opposite to schema 1's manifest.

Acceptance Criteria:

  • Imagec supports schema 2 manifests
  • Integration tests for schema 2 images
@anchal-agrawal anchal-agrawal added area/docker Support for the Docker operations component/imagec kind/enhancement Behavior that was intended, but we want to make better priority/p2 labels May 19, 2017
@anchal-agrawal anchal-agrawal mentioned this issue May 19, 2017
Merged
@anchal-agrawal anchal-agrawal added impact/doc/note Requires creation of or changes to an official release note impact/test/integration/enable The test is associated with a disabled integration test labels May 19, 2017
@anchal-agrawal anchal-agrawal mentioned this issue Jun 14, 2017
Closed
@hickeng hickeng added the kind/debt Problems that increase the cost of other work label Aug 8, 2017
@cgtexmex cgtexmex mentioned this issue Aug 25, 2017
Closed
@stuclem
Copy link
Contributor

stuclem commented Sep 12, 2017

A pitiful attempt at a release note:

  • Schema 2 image manifests not supported. #5187
    vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests.

@anchal-agrawal can you please provide a bit more info? Thanks!

@anchal-agrawal
Copy link
Contributor Author

@stuclem That looks good - we can add this sentence to the note:

If an image registry offers only the schema 2 manifest for an image, the pull operation will fail. This is most commonly seen when pulling an image by digest.

@stuclem
Copy link
Contributor

stuclem commented Sep 12, 2017

Added verbatim. Thanks @anchal-agrawal !

@stuclem stuclem removed the impact/doc/note Requires creation of or changes to an official release note label Sep 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/docker Support for the Docker operations component/imagec impact/test/integration/enable The test is associated with a disabled integration test kind/debt Problems that increase the cost of other work kind/enhancement Behavior that was intended, but we want to make better priority/p2 team/container
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hickeng @anchal-agrawal @stuclem