search

docker / roadmap

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.
https://github.com/docker/roadmap/projects/1
Creative Commons Zero v1.0 Universal
1.46k stars 246 forks source link

Support OCI artifacts on Docker Hub #135

Closed jdolitsky closed 1 year ago

jdolitsky commented 3 years ago

Tell us about your request Want to use Helm to publish chart packages to Docker Hub

Which service(s) is this request for? Docker Hub

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? The Helm CLI has the client-side capability to publish to registries, but the resulting manifests and/or blobs are incompatible with Docker Hub in some way, resulting in 403 Forbidden:

$ export HELM_EXPERIMENTAL_OCI=1

$ helm create blueberry
Creating blueberry

$ helm chart save blueberry/ docker.io/jdolitsky/blueberry
ref:     docker.io/jdolitsky/blueberry:0.1.0
digest:  28c467b21b3e00c5b44f39af3bc9a476459fa638b20d12dd00ef9ea1cc289607
size:    3.5 KiB
name:    blueberry
version: 0.1.0
0.1.0: saved

$ helm chart list
REF                                 NAME        VERSION DIGEST  SIZE    CREATED
docker.io/jdolitsky/blueberry:0.1.0 blueberry   0.1.0   28c467b 3.5 KiB 4 seconds

$ helm chart push docker.io/jdolitsky/blueberry:0.1.0
The push refers to repository [docker.io/jdolitsky/blueberry]
ref:     docker.io/jdolitsky/blueberry:0.1.0
digest:  59ee25b5e4823d594a86523ba76fd0d096574ac28f4576134bdc03c76fb2bf83
size:    3.5 KiB
name:    blueberry
version: 0.1.0
Error: failed commit on ref "manifest-sha256:582dd85d48f085f1b705700a94ccdc00c4f60bb588ccba8a9e8487c6a83666b0": unexpected status: 403 Forbidden

This appears to be the failed request:

digest="sha256:582dd85d48f085f1b705700a94ccdc00c4f60bb588ccba8a9e8487c6a83666b0" 
mediatype=application/vnd.oci.image.manifest.v1+json 
request.header.content-type=application/vnd.oci.image.manifest.v1+json 
request.header.user-agent=containerd/1.3.2+unknown 
request.method=PUT 
size=322 
url="https://registry-1.docker.io/v2/jdolitsky/blueberry/manifests/0.1.0"

Are you currently working around the issue? No

Additional context More information about Helm chart manifests etc: https://helm.sh/docs/topics/registries/#where-are-my-charts

arbus1234 commented 3 years ago

Got similar problem though different msg:


helm chart push docker.io/testttt/test-helm:0.1.0
The push refers to repository [docker.io/testttt/test-helm]
ref:     docker.io/reversinglabs/test-helm:0.1.0
digest:  43a88d28f57d12243e507ba6ba3586c821bc995b1acaa7740137cb8133f00433
size:    3.5 KiB
name:    test-helm
version: 0.1.0
Error: server message: insufficient_scope: authorization failed
arbus1234 commented 3 years ago

My error is "401 Unauthorized" when I turn on debug.

teu commented 3 years ago

I am also getting the exact same 403 issue with AWS ECR which should also support this option according to https://docs.aws.amazon.com/AmazonECR/latest/userguide/push-oci-artifact.html

ronenl3 commented 2 years ago

I see the same error when trying to push a chart to DockerHub. Any news regarding this?

justincormack commented 2 years ago

Renamed this issue as OCI artifacts support, as we plan to support all artifacts not just Helm charts here.

SteveLasker commented 2 years ago

Thanks @justincormack, this is great news to see Docker Hub support coming for OCI Artifacts

MarcStdt commented 2 years ago

This would be an awesome feature. That is currently the only reason, why we are not using dockerhub. Is there any ETA on this feature?

adrianmxb commented 2 years ago

any ETA?

AlexDering-Docker commented 2 years ago

Hello! πŸ‘‹ To provide you with an update, we have ongoing work happening right now to support OCI artifacts on Docker Hub and hope to have something out soon 😊

arbus1234 commented 2 years ago

Very good news thanks πŸ™‚

pet, 27. svi 2022. 17:50 AlexDering-Docker @.***> je napisao:

Hello! πŸ‘‹ To provide you with an update, we have ongoing work happening right now to support OCI artifacts on Docker Hub and hope to have something out soon 😊

β€” Reply to this email directly, view it on GitHub https://github.com/docker/roadmap/issues/135#issuecomment-1139741934, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADBPY7ODYTU7XAVIRXJSPSDVMDVMBANCNFSM4OW3CP7A . You are receiving this because you commented.Message ID: @.***>

ruggi commented 1 year ago

Hey all πŸ‘‹ small update since https://github.com/docker/roadmap/issues/135#issuecomment-1139741934: we're actively working on this, and it's progressing nicely. The first iteration should be ready not too far in the future, we're almost there πŸ˜‰

milosgajdos commented 1 year ago

This has now been shipped https://www.docker.com/blog/announcing-docker-hub-oci-artifacts-support/

Enjoy and please report back!

staffanf commented 1 year ago

@milosgajdos I there an issue that tracks implementation of the Referrers API as mention in your blog post?

I'm testing out ORAS and it was not immediately obvious that oras attach will not work with docker hub.

milosgajdos commented 1 year ago

@staffanf there is none, yet, not. Feel free to create one, but mind you, until OCI cuts a release we won't be providing support for it. There have been a lot of disagreements around OCI artifact manifests that eventually got removed (see https://github.com/opencontainers/image-spec/pull/999), so we've chosen to wait until the specification is properly agreed upon and the stable release is announced.

staffanf commented 1 year ago

@milosgajdos Thanks for the clarification. After having read through a number of issues and PRs in the image-spec and I understand that there is some work left before 1.1 is final.

I rather wait for things to settle and I'm sure you will implement soon after it is released.