-
Epic
-
Resolution: Done
-
Normal
-
rhel-9.5
-
[RHEL EPIC] Container tools support for OCI artifacts - RHEL 10.0 Beta
-
-
Red Hat Enterprise Linux
-
sst_container_tools
-
13
-
False
-
-
Yes
-
QE ack, Dev ack, Docs ack, PXE ack
-
Enhancement
-
-
Done
Description
SME: Nalin Dahyabhi
Non-image content can be added to OCI image manifests via the OCI artifacts specification, opening up numerous use cases and allowing us to use an OCI registry as generic blob storage.
Goals
Container tools should work with the OCI artifact use cases that our internal and external stakeholders require.
Requirements
Podman can add content as OCI artifacts to a manifest. Skopeo can retrieve artifacts from a registry.
SME: Nalin Dahyabhi
Initial Buildah PR: https://github.com/containers/buildah/pull/5301
From Nalin Dahyabhi
Typically, an image index is populated by running `podman manifest add`
or `buildah manifest add`, and providing it with the name of the image
index and the location of a container image to add to the index.
Newer versions of both tools now recognize a `--artifact` option, which
signifies that the item being specified for addition to the image index
is not a container image, but a local file which should be added to the
index as an artifact. Under the covers, an _artifact manifest_describing the file is generated and the image index is updated to list
the artifact manifest.
Files which are added to indexes as artifacts are not container images,
so they are not described using MIME types which are associated with
container images. The new `{}artifact-type` and `{-}-artifact-layer-type`
flags can be used to exercise control over which types are used, but
they are not required. Both `podman manifest inspect` and `buildah
manifest inspect` will now provide information about the contents of
artifact manifests which are listed in image indexes.
When an image index is pushed to a registry, the images and artifacts
which it lists are also pushed to the registry if either `buildah
manifest push` or `podman manifest push` are passed the `--all` flag, or
by default if `podman push` is used to push the index to the registry.
At this time, support for pushing artifacts and artifact manifests
directly, i.e., not only as items listed in image indexes, and support
for retrieving artifacts with `podman pull` or `buildah pull`, have not
been implemented.
SME: Nalin Dahyabhi
- clones
-
RHEL-33571 [RHEL EPIC] Container tools support for OCI artifacts - RHEL 10.0 Beta
- Closed