kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

AWS ECR Manifest MediaType

Open guimorg opened this issue 1 year ago • 1 comments

Actual behavior

We use gcr.io/kaniko-project/executor:debug to build images for a long time, usually, our base images are python slim images, which when inspected have their manifest mediaType as "mediaType": "application/vnd.oci.image.manifest.v1+json",.

We proceed to push the images built by kaniko to ECR and they remain annotated with "mediaType": "application/vnd.docker.distribution.manifest.v2+json".

Nevertheless, today we've noticed via some inconsistencies with unsupported mediaType that these same images when built had their mediaType pushed as OCI to our AWS ECR repository.

I am unsure if this is expected or not since we've had processes for a long time working like this where the manifest was pushed as Docker V2 and not OCI. I've made a simple test locally (with Docker, though) and the image is pushed as Docker V2, but when running kaniko on GitLab CI the images were pushed as OCI.

Expected behavior A clear and concise description of what you expected to happen.

I've expected the same behavior from previous executions where images were pushed as Docker V2 manifest mediaType.

To Reproduce Steps to reproduce the behavior:

  1. Build kaniko image with command:
     /kaniko/executor
      --build-arg CI_REGISTRY="$CI_REGISTRY"
      --context $BUILD_CONTEXT
      --dockerfile $BUILD_DOCKERFILE_PATH
      --destination $CONTAINER_IMAGE_NAME:$CONTAINER_IMAGE_TAG
  1. Check the docker manifest pushed to ECR:
docker manifest inspect <account>.dkr.ecr.<region>.amazonaws.com/<CONTAINER_IMAGE_NAME>:<CONTAINER_IMAGE_TAG>

Additional Information

  • Dockerfile Please provide either the Dockerfile you're trying to build or one that can reproduce this error.
# Basic Slim Python Image
FROM python:3.11-slim

ENV PYTHONUNBUFFERED=TRUE
ENV PYTHONDONTWRITEBYTECODE=TRUE

ADD requirements.txt .

RUN python3 -m pip install -r requirements.txt && \
    rm -rf /root/.cache

COPY ./ /opt/

ENV PATH="/opt/:${PATH}"

RUN chmod +x /opt/*

EXPOSE 8080
  • Build Context Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)
app.py   Dockerfile   requirements.txt
  • Kaniko Image (fully qualified with digest) (internal image on ECR)

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [ ]
Please check if the build works in docker but not in kaniko
  • - [X]
Please check if this error is seen when you use --cache flag
  • - [X]
Please check if your dockerfile is a multistage dockerfile
  • - [X]

guimorg avatar Nov 30 '23 01:11 guimorg

Are there any updates on this?

tanadeau avatar Feb 07 '24 22:02 tanadeau