Open everflux opened 3 years ago
yan-foto
commented
3 years ago This module relies on distribution to communicate with a registry. I have no experience with Google Jib or OCI images in general, but do they use the same API? Have you tried adding the header and see what happens?
everflux
commented
3 years ago Thanks for the quick reply! I checked the referenced module version, it says 2.7.1 - in the changelog of districution OCI support for 2.7.0 is explicitly mentioned: https://github.com/distribution/distribution/releases/tag/v2.7.0 This should be in 2.7.1 of distribution as well.
yan-foto
commented
3 years ago Do you care to submit a PR? I'm not going to be able to implement this any soon! Sorry!
everflux
commented
3 years ago Thanks for the update - I am not a go developer, unfortunately. Besides: I have no idea what the problem is, since you already reference the current distribution version which states that OCI is supported. So it might not be a simple dependency update after all.
yan-foto
commented
3 years ago If I understand the problem correctly (reading your logs), I suppose the answer is as easy as adding the custom headers to each HTTP request. This can be done using the context. For details, I also need to dive a bit deeper.
elchenberg
commented
2 years ago I changed the log output to get better error messages (e.g. tagLogger.Errorf("Could not fetch tag! %v", err)):
time="2022-06-13T10:45:01+02:00" level=error msg="Could not fetch tag! manifest unknown: OCI index found, but accept header does not support OCI indexes" repo=[...] tag=[...]Then I had to add application/vnd.oci.image.index.v1+json to the Accept header to every request and it fixed the issue with fetching the tags of the OCI image.
But in the next step deckschrubber tries to fetch the manifests and this fails:
time="2022-06-13T10:55:23+02:00" level=error msg="Could not fetch manifest! unsupported manifest media type and no default available: application/vnd.oci.image.index.v1+json" repo=[...] tag=[...]I tried to use application/vnd.oci.image.manifest.v1+json instead, as @everflux suggested, but fetching the tag failed:
time="2022-06-13T11:35:55+02:00" level=error msg="Could not fetch tag! manifest unknown: OCI index found, but accept header does not support OCI indexes"Accepting both application/vnd.oci.image.index.v1+json and application/vnd.oci.image.manifest.v1+json did not help either.
I do not know how to continue and I am tempted to just skip tags with OCI images instead of skipping the whole repository. :see_no_evil:
Edit: Maybe I have a completely different problem. My OCI images are not real images but the buildkit cache and buildkit chose to use the media type application/vnd.oci.image.index.v1+json for those manifests instead of application/vnd.oci.image.manifest.v1+json. https://github.com/moby/buildkit/issues/2251
everflux
commented
2 years ago If you have a test-build I am happy to try it out!
rwojsznis
commented
1 year ago anyone managed to solve this? 🤔
ran into same headers-rabbit-hole with image build using buildx v0.11.2-desktop.4 and registry:2.8.2; as I'm running on 0 context here I tried randomly upgrading docker-related deps in the app itself (including distribution) to no avail 😅
WhySoBad
Describe the bug When having OCI images (f.e. created with Google Jib) in the registry, cleanup fails since the manifests could not be retrieved. Logoutput:
To Reproduce Add OCI images to repository, run deckschrubber.
Expected behavior Cleanup of OCI images works.
Additional context To support OCI images at least the http accept header must include
The registry logs contain the following hint
The image is created with Jib in OCI image format, registry 2.7.1 is used.