search

fabric8io / docker-maven-plugin

Maven plugin for running and creating Docker images
https://dmp.fabric8.io
Apache License 2.0
1.87k stars 643 forks source link

Add support for docker-less image copy between OCI image registries #1587

Open mattrpav opened 2 years ago

mattrpav commented 2 years ago

Description

For redundancy and security purposes, it is often desirable to have a local copy of a container image in a private container registry. The pattern for doing this is to pull, retag and push an image to a private registry.

This pattern is also used as a way to separate production registry from non-production development cycles where the 'prod' registry only has images certified for production use

Info

Add the ability to use a docker-free approach for pulling, re-tagging and pushing images from a source OCI image registry to a target OCI image registry.

rhuss commented 2 years ago

Why would you pull the image you just created in the build again? I think the docker CLI is much better suited for general container image-related tasks (or podman, of course). Pushing an image with a different tag to another registry is supported via docker:push, you probably just need another profile with a different registry (or use a property override).

mattrpav commented 2 years ago

Hi @rhuss

This specifically not for a created image. For base images (ie.. ubuntu, openjdk, etc), where you want to clone the image to a private repo as a mirror.

The goal is to have 100% Java-based solution to reduce tooling footprint (remove Docker). Especially for CI/CD environments.

Also, for async promotion of images between registries (non-prod to prod, etc)

rhuss commented 2 years ago

Docker-maven-plugin still needs a Docker daemon (or something equivalent like Podman) to talk to if interacting with a registry. dmp never accesses a Docker registry directly, only via the Docker API. You can create images without a daemon by leveraging Jib, but not when interacting with a registry. So I'm afraid to have a 100% Java based solution would only work if dmp also would implement a connection to registry directly (like e.g. ko does for golang based images)

mattrpav commented 2 years ago

@rhuss got it. Sounds like first step might need to be a Java SDK for OCI registry API.

ref: https://github.com/opencontainers/distribution-spec/blob/main/spec.md

rhuss commented 2 years ago

@rhuss got it. Sounds like first step might need to be a Java SDK for OCI registry API.

Exactly. Unfortunately, I'm not aware of something like that yet (but currently I'm quite a bit away from Java these days anyway).