kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard
verified publisher icon GoogleContainerTools

Images built from scratch only in docker format

Open Silvanoc opened this issue 1 year ago • 0 comments

Actual behavior I am building an image FROM scratch with Kaniko and I can only get Docker Images (manifest mediaType is application/vnd.docker.distribution.manifest.v2+json).

Expected behavior Default image format is OCI (manifest mediaType is application/vnd.oci.image.manifest.v1+json), because the Docker format is considered to be obsolete, or there is an argument to select the format explicitly.

To Reproduce Steps to reproduce the behavior (👀 please notice files and scripts provided below for easy reproduction):

  1. Create a Dockerfile to build an image from scratch.
  2. Build the image with Kaniko. An example created with Kaniko using the scripts and files provided below is available under the reference ghcr.io/silvanoc/kaniko-scratch:latest.
  3. Get the manifest with regctl manifest get ... or skopeo inspect --all .... Look at the files and scripts provided below to run these commands.

Additional Information

The root-cause of this issue is in one of the libraries. See https://github.com/google/go-containerregistry/issues/2012 for more information.

docker build ... creates an OCI image, as expected.

  • Dockerfile 
    FROM scratch
COPY hello /
  • Build Context + Dockerfile + hello (empty file)
  • Kaniko Image (fully qualified with digest)

Files and scripts to reproduce

Dockerfile 
FROM scratch
COPY hello /
push-kaniko.bash 
#!/usr/bin/env bash

docker run \
  -ti \
  --rm \
  -v $(pwd):/workspace \
  -v $(pwd)/config.json:/kaniko/.docker/config.json:ro \
  gcr.io/kaniko-project/executor:v1.23.2-debug@sha256:c3109d5926a997b100c4343944e06c6b30a6804b2f9abe0994d3de6ef92b028e \
    --dockerfile /workspace/Dockerfile \
    --destination ghcr.io/silvanoc/kaniko-scratch:latest
get-manifest-mediatype.bash 
#!/usr/bin/env bash

if which regctl >/dev/null ; then
  regctl manifest get \
      --format raw-body \
      ghcr.io/silvanoc/kaniko-scratch:latest \
    | jq -r '.mediaType'
elif which skopeo >/dev/null ; then
  skopeo inspect \
      --raw docker://ghcr.io/silvanoc/kaniko-scratch:latest \
    | jq -r '.mediaType'
else
  echo "You need either regctl or skopeo to run this command"
  exit 1
fi

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [ ]
Please check if the build works in docker but not in kaniko
  • - [x]
Please check if this error is seen when you use --cache flag
  • - [ ]
Please check if your dockerfile is a multistage dockerfile
  • - [ ]

Silvanoc avatar Sep 18 '24 16:09 Silvanoc