-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-platform docker run errors with "Cannot overwrite digest" when using image manifest #43188
Comments
Thanks for opening! (Sorry for not replying sooner, I'll discuss this issue with some maintainers) The Error itself comes from Lines 157 to 160 in 7b9275c
And (as described) this error only happens when pulling by digest; my initial thinking was that it could be related to manifest caching (so skipping some steps if it already has the manifest cached?) |
Hi, we are hitting this issue as well. Is there any update? Thanks. |
I have been inspecting something like this, and it seems to come down to how multi-platform images are handled. I'm still trying to wrap my head around this, but will try to summarise what I have found out so far. When you pull an image, it has an associated digest: $ docker pull ubuntu:22.10
22.10: Pulling from library/ubuntu
46465228a6c0: Pull complete
Digest: sha256:d2d9a7a7b18ecb6a33befb2ca9d386462721b6523f165985719756778046b254
Status: Downloaded newer image for ubuntu:22.10
docker.io/library/ubuntu:22.10 Now you can actually inspect the image manifest. I've trimmed some parts away to make it easier to follow. docker manifest inspect ubuntu@sha256:d2d9a7a7b18ecb6a33befb2ca9d386462721b6523f165985719756778046b254
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 529,
"digest": "sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 529,
"digest": "sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b",
"platform": {
"architecture": "arm64",
"os": "linux",
"variant": "v8"
}
}
]
} As far as I understand, the digest $ docker pull ubuntu@sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4
docker.io/library/ubuntu@sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4: Pulling from library/ubuntu
415d72858c74: Pull complete
Digest: sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4
Status: Downloaded newer image for ubuntu@sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4
docker.io/library/ubuntu@sha256:4a260e959a8e5186f1915e46bfb7663165ebfe5a7dc3365c76f9e3fb8d3019e4 Note that I'm on an ARM chip and in the above command I pulled the AMD64 image. I can also pull the ARM image, and the missing "Pull complete" message indicates that it did not need to download anything: $ docker pull ubuntu@sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b
docker.io/library/ubuntu@sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b: Pulling from library/ubuntu
Digest: sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b
Status: Downloaded newer image for ubuntu@sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b
docker.io/library/ubuntu@sha256:a9bb8163533a936c7f4463319a299ff15e35a24db77ba6838d56c14f03b9863b This is because it already downloaded that with the initial So we have three digests in here:
The issue you're hitting is that you're specifying the root digest, instead of the platform-specific digest. Because that root-digest already exists, but maps to an image for a different architecture, you get the error-message To work around this, you can use the platform-specific digests instead. |
I just ran into this starting
When I un-set this env var,
|
The kind issue mentioned in above comment (#43188 (comment)) is somewhat different, more context in kubernetes-sigs/kind#2718. On an unrelated note I've hit this working on kind itself in a way unrelated to kubernetes-sigs/kind#2718, because if you
where abcd is the digest of a manifest list. The platform specific manifest workaround does work but ... it's pretty clunky |
I just ran into this today and can confirm it is related to pulling a multi-arch image by SHA. The simplest way to reproduce the error is to download a multi-arch image by SHA (which actually points to a manifest, not an image) for one architecture then another. Example Failure
|
Can confirm this is still and issue: ❯ docker version
Client:
Version: 24.0.7-rd
API version: 1.42 (downgraded from 1.43)
Go version: go1.20.10
Git commit: 72ffacf
Built: Wed Nov 1 18:41:50 2023
OS/Arch: darwin/arm64
Context: rancher-desktop
Server:
Engine:
Version: 23.0.6
API version: 1.42 (minimum version 1.12)
Go version: go1.20.11
Git commit: 9dbdbd4b6d7681bd18c897a6ba0376073c2a72ff
Built: Fri Nov 17 20:59:57 2023
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: v1.7.2
GitCommit: 0cae528dd6cb557f7201036e9f43420650207b58
runc:
Version: 1.1.7
GitCommit: 860f061b76bb4fc671f0f9e900f7d80ff93d4eb7
docker-init:
Version: 0.19.0
GitCommit:
❯ docker pull --platform=linux/amd64 jruby:9@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
docker.io/library/jruby@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290: Pulling from library/jruby
Digest: sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
Status: Image is up to date for jruby@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
docker.io/library/jruby:9@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
❯ docker pull --platform=linux/arm64 jruby:9@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
docker.io/library/jruby@sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290: Pulling from library/jruby
Digest: sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290
Cannot overwrite digest sha256:eadaf46a86eafb86e0b5aa72b39fd69fd4339196be613c546182003a85803290 |
Description
I've built a multi-platform image and I'm trying to use the image manifest digest to run the two platform versions locally and every time I'm getting an error on the second run.
Steps to reproduce the issue:
Describe the results you received:
Getting
Cannot overwrite digest $DIGEST
after the second commandDescribe the results you expected:
Container to run successfully for the specified platform
Additional information you deem important (e.g. issue happens only occasionally):
This issue doesn't happen if you use the image+tag combination and remove the image digest
Output of
docker version
:Output of
docker info
:The text was updated successfully, but these errors were encountered: