kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

Is there any solutions for docker load ?

Open Metal-joker opened this issue 3 years ago • 7 comments

I wanna use Kaniko in kubernetes, but this tool seems does not has the docker load utility. Did I miss something or load images in k8s pods unprivileged is an impossible mission?

Metal-joker avatar Dec 27 '21 10:12 Metal-joker

What are you trying to do?

docker load loads image contents from a tar archive into the container runtime environment so that it can be run.

Kaniko has a similar tool called the warmer, which can pull and cache image tarballs from a registry and make them available to the executor that builds images. The warmer doesn't do much, it just pulls layer contents into a tar file, in a different/better format than docker save.

imjasonh avatar Dec 28 '21 21:12 imjasonh

Hello. Il have the same request as 'Metal-joker'.

I am working in a secure environment where it is not possible to access a docker registry. Docker images are published / recieved as tar files (the output of docker save) .

I'd like to load this image, retag it and then push it into a local registry, without modification. Security constraints prevent me from using docker directly as it requires to be running in privileged mode, which is uncompatible with security constraints.

I was hoping kaniko could help me with this.

nmolinier avatar Feb 23 '22 13:02 nmolinier

I'd like to load this image, retag it and then push it into a local registry, without modification.

You may be interested in a different tool, like crane or Skopeo, that's specifically designed to move and retag images in a registry.

Kaniko is focused on building images, which means it will may lose information about multi-platform images specifically. It may also in some cases decompress (while loading) and recompress (while pushing) layer contents in ways that change the digest of images, which may not be what you intend. By contrast, crane and Skopeo (and similar tools) simply copy image data between registries, without changing or filtering their contents.

imjasonh avatar Feb 23 '22 14:02 imjasonh

I'd like to load this image, retag it and then push it into a local registry, without modification.

You may be interested in a different tool, like crane or Skopeo, that's specifically designed to move and retag images in a registry.

Kaniko is focused on building images, which means it will may lose information about multi-platform images specifically. It may also in some cases decompress (while loading) and recompress (while pushing) layer contents in ways that change the digest of images, which may not be what you intend. By contrast, crane and Skopeo (and similar tools) simply copy image data between registries, without changing or filtering their contents.

Thank you very much for this tip. Skopeo is exactly the king of tool I was looking for. It works like a charm.

nmolinier avatar Feb 23 '22 15:02 nmolinier

Hello. I am in a similar situation.

My environment do not have any access to Internet, docker registry or docker daemon. I do need to build a new image from a image file and output the new image as a file.

I need something like kaniko which can run completely offline. F_kaniko(image-v1.tar, Dockerfile) = image-v2.tar

warmer's docs are not very detailed. I think both executor and warmer assume access to a registry. I cannot find a way to load a image from tar file and then output to a cache dir which can be used by executor as cache so that no pulling any image would be needed.

Am I wrong about how kaniko can be used? If I am correct, would you give me some suggestions or workarounds?

sun603 avatar Jun 02 '22 09:06 sun603

You can run Kaniko to generate an image locally in either the tar format, or the OCI layout format.

The warmer can pull remote base images and place them in a cache dir, which the Kaniko executor will check when it runs, so it doesn't have to hit the remote registry to build. Docs here.

I agree this isn't terribly well documented (or tested!), any contributions to improve docs or to improve testing so that we have a running example, and can ensure this functionality doesn't break in the future, would be great.

imjasonh avatar Jun 02 '22 12:06 imjasonh

If I already use Kaniko to generate an image locally (e.g. base:latest) and save it as a tarball (e.g. base_latest.tar) Then in the next step, I want to load "base_latest.tar" and use as "FROM base:latest as base" in dockerfile. How can I do this?

ipa-rwu avatar Sep 06 '22 16:09 ipa-rwu

Has anybody figured out how to do this or a workaround for it? It would be quite useful. I made an attempt to use the warmer, hoping maybe the --image argument to the warmer would accept a tar file, but nogo.

theherk avatar Aug 15 '23 09:08 theherk