-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
exporter: containerimage: Add an option to unlazy image blobs #2800
Conversation
README.md
Outdated
@@ -232,6 +232,7 @@ Keys supported by image output: | |||
* `registry.insecure=true`: push to insecure HTTP registry | |||
* `oci-mediatypes=true`: use OCI mediatypes in configuration JSON instead of Docker's | |||
* `unpack=true`: unpack image after creation (for use with containerd) | |||
* `ensure-blobs=true`: ensure blobs of the result image are locally available |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"locally" needs to be explained
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the comment. Fixed the explanation to "exist in the content store" instead of "locally available".
README.md
Outdated
@@ -232,6 +232,7 @@ Keys supported by image output: | |||
* `registry.insecure=true`: push to insecure HTTP registry | |||
* `oci-mediatypes=true`: use OCI mediatypes in configuration JSON instead of Docker's | |||
* `unpack=true`: unpack image after creation (for use with containerd) | |||
* `ensure-blobs=true`: ensure blobs of the result image exist in the content store |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need the extra key? Don't we always need to run this when exporting images to containerd?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tonistiigi Thank you for the comment. This is because tests require blobs being lazy even after exporting it with type=image,push=true
https://github.com/moby/buildkit/runs/6000088966?check_suite_focus=true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it creates a broken image in containerd then it looks wrong. Maybe we need an option that would allow to push the image without adding it to the containerd image store. In that case blobs could remain lazy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
an option that would allow to push the image without adding it
It won't pass some tests like testLazyImagePush
which performs the check using lazy images in the image store.
How about making ensure-blobs=true
the default behaviour when a client creates an image in the image store?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe better would be store=false
that would skip saving image to the image store.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added store
option. I think this should be store=true
by default for keeping the backward-compatibility of type=image
behaviour.
https://github.com/moby/buildkit#containerd-image-store
The containerd worker needs to be used
buildctl build ... --output type=image,name=docker.io/username/image
ctr --namespace=buildkit images ls
8235fd9
to
b9ebe45
Compare
README.md
Outdated
@@ -239,6 +239,7 @@ Keys supported by image output: | |||
* `force-compression=true`: forcefully apply `compression` option to all layers (including already existing layers). | |||
* `buildinfo=true`: inline build info in [image config](docs/build-repro.md#image-config) (default `true`). | |||
* `buildinfo-attrs=true`: inline build info attributes in [image config](docs/build-repro.md#image-config) (default `false`). | |||
* `store=true`: stores the result images to the worker(e.g. containerd)'s image store as well as ensures that the image has all blobs in the content store (default `true`). Ignored if the worker doesn't have image store (e.g. OCI worker). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the worker's (e.g. containerd)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed this.
client/client_test.go
Outdated
"name": target, | ||
"push": "true", | ||
"store": "true", | ||
"store-allow-incomplete": "true", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need "store-allow-incomplete" as it creates broken images that can't be pushed or extracted. The user has the option to store with blobs or not store at all.
If it is only for tests (and there is no other way), then prefix with unsafe-internal-
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added unsafe-internal-
prefix.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
Some blobs in the result image can be lazy (i.e. not existing in the local content store).
This doesn't allow non-buildkit containerd clients (e.g. ctr, nerdctl, ...) fetching the resulting image from containerd.
Unpack doesn't solve this because it only unlazies the default platform of the image.
This commit fixes this by adding a new option
ensure-blobs
to containerimage exporter.This option unlazies blobs of the build result.