OCI-image load with cache load or podman-env does not Work

[dilyanpalauzov]

I have an oci-image.tar file on the local filesystem and I want to insert it into a Minikube Cluster.

https://minikube.sigs.k8s.io/docs/handbook/pushing/ calls this process Load, and states (in the table) that podman-env command and cache command support the Load.

I have minikube version v1.23.0, podman version 3.3.1 and this file downloaded locally: https://mail.aegee.org/oci-images/ldap-2021-09-12.tar . (it is an oci-archive)

$ minikube start --container-runtime=cri-o
😄  minikube v1.23.0 on Fedora 34
    ▪ MINIKUBE_ACTIVE_PODMAN=minikube
✨  Using the podman driver based on user configuration
👍  Starting control plane node minikube in cluster minikube
🚜  Pulling base image ...
E0915 20:21:48.318864  119882 cache.go:200] Error downloading kic artifacts:  not yet implemented, see issue #8426
🔥  Creating podman container (CPUs=2, Memory=2200MB) ...
❗  This container is having trouble accessing https://k8s.gcr.io
💡  To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
🎁  Preparing Kubernetes v1.22.1 on CRI-O 1.20.3 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring CNI (Container Networking Interface) ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner, default-storageclass

❗  /usr/bin/kubectl is version 1.20.5, which may have incompatibilites with Kubernetes 1.22.1.
    ▪ Want kubectl v1.22.1? Try 'minikube kubectl -- get pods -A'
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

$ eval $(minikube podman-env)

$ podman images 
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE
$ podman pull oci-archive:ldap-2021-09-12.tar 
Getting image source signatures
Copying blob 23202de353f1 done  
Copying config 13f92300c1 done  
Writing manifest to image destination
Storing signatures
13f92300c1b0cd810bcc03a4ab8a8d7e85dfd40f051a3153d698618e70616f4e

$ podman images
REPOSITORY            TAG         IMAGE ID      CREATED     SIZE
localhost/2021-09-12  latest      13f92300c1b0  3 days ago  6.35 MB

$ podman --remote pull oci-archive:ldap-2021-09-12.tar 
Error: unsupport transport oci-archive in "oci-archive:ldap-2021-09-12.tar": only docker transport is supported

#### with podman --remote (which shall be the same as podman-remote) 
#### Loading images from oci-archive to minikube cluster does not work)

$ minikube cache add ldap-2021-09-12.tar 
❗  "minikube cache" will be deprecated in upcoming versions, please switch to "minikube image load"
❗  The image 'ldap-2021-09-12.tar' was not found; unable to add it to cache.

$ minikube cache add oci-archive:ldap-2021-09-12.tar 
❗  "minikube cache" will be deprecated in upcoming versions, please switch to "minikube image load"
❗  The image 'oci-archive:ldap-2021-09-12.tar' was not found; unable to add it to cache.

$ minikube cache list 
ldap-2021-09-12.tar
oci-archive:ldap-2021-09-12.tar 

Adding images by minikube cache add prints error on import, but minikube cache list does print the images.

Loading images with podman --remote does not work, see also containers/podman#11593 .

[afbjorklund]

I don't think we support OCI images, only Docker images have ever been tested afaik

The other tools create "compatible" tarballs, that feature both kinds of manifest I think

[dilyanpalauzov]

For the record, as mentioned at containers/podman#11593, $ podman --remote load < ./ldap-2021-09-12.tar does work. I propose writing down how OCI images can be loaded.

[medyagh]

hi @dilyanpalauzov I am not sure what would be the action minikube could take in this case,

to be clear, do you mean the images that Are loaded using "minikube ssh podman load" should show up in "minikube image ls" ?

[dilyanpalauzov]

I mean $ minikube cache add ./X shall be the same as podman --remote load < ./X. This is described at https://minikube.sigs.k8s.io/docs/handbook/pushing/#2-push-images-using-cache-command .

[afbjorklund]

You will have to use minikube image load, if you want to load content from tarballs.

I think minikube cache add only supports the docker daemon and docker registry ?

[dilyanpalauzov]

This is not clear from reading https://minikube.sigs.k8s.io/docs/handbook/pushing/#2-push-images-using-cache-command . It shall explicitly state, that it works with Docker images and not with OCI images.

[afbjorklund]

It also doesn't work with the Podman service, only with the Docker daemon

And the "short names" will fail on stricter Podman, that requires "docker.io"

[afbjorklund]

It shall explicitly state, that it works with Docker images and not with OCI images.

It does say "From your host, you can push a Docker image directly to minikube."

[dilyanpalauzov]

What is “podman service”?

Nowadays, often under “docker images” are meant also “oci images”, therefore it shall be stated explicitly if the one is not meant.

[afbjorklund]

What is “podman service”?

As in the podman.service unit

Basically the thing that is answering the podman.sock, which is still needed if using the API instead of the CLI

(It is possible to talk to it using the CLI too, with podman --remote. It is always required, when not on Linux)

[afbjorklund]

And I agree about the OCI and the CRI, just that "nobody" has started using them yet. But it should be documented.

Please send a PR.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[klaases]

Hi @dilyanpalauzov, did you want to create a PR per @afbjorklund's comment?

[dilyanpalauzov]

No, I do not use minikube anymore.

[klaases]

Hi @dilyanpalauzov – this issue will be closed as additional information was unavailable and some time has passed. Please feel free to re-open the issue by commenting with /reopen if needed.

Thank you for sharing your experience!