Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-33571

[RHEL EPIC] Container tools support for OCI artifacts - RHEL 10.0 Beta

    • [RHEL EPIC] Container tools support for OCI artifacts - RHEL 10.0 Beta
    • Hide

      The following needs to be verified in order for this epic to be considered complete:

      • TBD
      Show
      The following needs to be verified in order for this epic to be considered complete: TBD
    • Red Hat Enterprise Linux
    • rhel-sst-container-tools
    • 13
    • False
    • Hide

      None

      Show
      None
    • Yes
    • QE ack, Dev ack, Docs ack, PXE ack
    • Enhancement
    • Hide
      .Podman and Buildah support adding OCI artifacts to image indexes

      With this update, you can create artifact manifests and add them to image indexes.

      The `buildah manifest add` command now supports the following options:

      * the `--artifact` option to create artifact manifests
      * the `--artifact-type`, `--artifact-config-type`, `--artifact-layer-type`, `--artifact-exclude-titles`, and `--subject` options to finetune the contents of the artifact manifests it creates.

      The `buildah manifest annotate` command now supports the following options:

      * the `--index` option to set annotations on the index itself instead of a one of the entries in the image index
      * the `--subject` option for setting the subject field of an image index.

      The `buildah manifest create` command now supports the `--annotation` option to add annotations to the new image index.
      Show
      .Podman and Buildah support adding OCI artifacts to image indexes With this update, you can create artifact manifests and add them to image indexes. The `buildah manifest add` command now supports the following options: * the `--artifact` option to create artifact manifests * the `--artifact-type`, `--artifact-config-type`, `--artifact-layer-type`, `--artifact-exclude-titles`, and `--subject` options to finetune the contents of the artifact manifests it creates. The `buildah manifest annotate` command now supports the following options: * the `--index` option to set annotations on the index itself instead of a one of the entries in the image index * the `--subject` option for setting the subject field of an image index. The `buildah manifest create` command now supports the `--annotation` option to add annotations to the new image index.
    • Done

      Description

      SME: Nalin Dahyabhi

      Non-image content can be added to OCI image manifests via the OCI artifacts specification, opening up numerous use cases and allowing us to use an OCI registry as generic blob storage.

      Goals

      Container tools should work with the OCI artifact use cases that our internal and external stakeholders require.

      Requirements

      Podman can add content as OCI artifacts to a manifest. Skopeo can retrieve artifacts from a registry. 

       

      SME: Nalin Dahyabhi

      Initial Buildah PR: https://github.com/containers/buildah/pull/5301

      From Nalin Dahyabhi
      Typically, an image index is populated by running `podman manifest add`
      or `buildah manifest add`, and providing it with the name of the image
      index and the location of a container image to add to the index.

      Newer versions of both tools now recognize a `--artifact` option, which
      signifies that the item being specified for addition to the image index
      is not a container image, but a local file which should be added to the
      index as an artifact. Under the covers, an _artifact manifest_describing the file is generated and the image index is updated to list
      the artifact manifest.

      Files which are added to indexes as artifacts are not container images,
      so they are not described using MIME types which are associated with
      container images. The new `{}artifact-type` and `{-}-artifact-layer-type`
      flags can be used to exercise control over which types are used, but
      they are not required. Both `podman manifest inspect` and `buildah
      manifest inspect` will now provide information about the contents of
      artifact manifests which are listed in image indexes.

      When an image index is pushed to a registry, the images and artifacts
      which it lists are also pushed to the registry if either `buildah
      manifest push` or `podman manifest push` are passed the `--all` flag, or
      by default if `podman push` is used to push the index to the registry.

      At this time, support for pushing artifacts and artifact manifests
      directly, i.e., not only as items listed in image indexes, and support
      for retrieving artifacts with `podman pull` or `buildah pull`, have not
      been implemented.

       

      SME: Nalin Dahyabhi

              tsweeney@redhat.com Tom Sweeney
              tsweeney@redhat.com Tom Sweeney
              Container Runtime Eng Bot Container Runtime Eng Bot
              Container Runtime Bugs Bot Container Runtime Bugs Bot
              Gabriela Necasova Gabriela Necasova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: