-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Parked
-
Affects Version/s: 3.6.0, 3.11.0
-
Fix Version/s: None
-
Component/s: Docker
-
Labels:None
-
Environment:Red Hat OpenShift v3.7.14 / Kubernetes v1.7.6+a08f5eeb62
I build an OCI image with the buildah 0.16 tool and then I pushed it to a private docker registry on nexus.
The push is ok and i can see the image on Nexus GUI.
But when i try to pull it with a docker client > 1.13 i get this error :
level=debug msg="Calling POST /v1.27/images/create?fromImage=MY_IMAGE_NAME_AND_TAG" level=debug msg="hostDir: /etc/docker/certs.d/MYREGISTRY" level=debug msg="hostDir: /etc/docker/certs.d/MYREGISTRY" level=debug msg="Trying to pull MY_IMAGE_NAME_AND_TAG from [https://MYREGISTRY|https://myregistry/] v2" level=debug msg="Calling GET /v1.30/services" level=debug msg="Calling GET /v1.30/tasks" level=error msg="Error trying v2 registry: target is unknown" level=error msg="Attempting next endpoint for pull after error: target is unknown" level=debug msg="Skipping v1 endpoint [https://MYREGISTRY|https://myregistry/] because v2 registry was detected" level=error msg="Handler for POST /v1.27/images/create returned error: target is unknown"
When the manifest is pushed this is the request :
PUT //docker-XXXXX/v2/test/build-docker/manifests/0.4-SNAPSHOT HTTP/1.1 User-Agent: Go-http-client/1.1 Content-Length: 496 Authorization: Bearer DockerToken.48158b78-72a0-3bb7-ba67-b742XXXXX24 Content-Type: application/vnd.oci.image.manifest.v1+json Docker-Distribution-Api-Version: registry/2.0 Accept-Encoding: gzip Connection: close Host: docker-XXXXX X-Forwarded-Host: docker-XXXXX X-Forwarded-Port: 443 X-Forwarded-Proto: https Forwarded: for=1XXXXX;host=docker-XXXXX;proto=https X-Forwarded-For: 1XXXXX
And the response from Nexus :
201 null HTTP/1.1 Connection: close Date: Wed, 25 Apr 2018 11:11:28 GMT Server: Nexus/3.6.0-02 (OSS) X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Docker-Distribution-Api-Version: registry/2.0 Last-Modified: Wed, 25 Apr 2018 11:11:28 GMT Docker-Content-Digest: sha256:a4869aba816cb490482be506ad0eade677f7597968a6ac2df218fb95a3f3a47a Content-Type: application/vnd.docker.distribution.manifest.v2+json Content-Length: 496
And when i visualize the manifest on nexus i get this :
\{\{\{ "schemaVersion":2,}}
\{\{ "config":\{ "mediaType":"application/vnd.oci.image.config.v1+json", "digest":"sha256:23d1c505e127930cae6d0540a6c8ecfd7f59fc1c674f86343c9b54233e47ea23", "size":6410 }, "layers":[ \{ "mediaType":"application/vnd.oci.image.layer.v1.tar", "digest":"sha256:f2b6b4884fc8b2f1fcef843f92f7c82c9c149df85ac77e5f0de7a342ae442412", "size":52608519 },}}
A mediaType attribute is missing at the top level with this value :
application/vnd.oci.image.manifest.v1+json
And then i try a curl to get the manifest content the Content-type returned by nexus is :
Content-Type: application/vnd.docker.distribution.manifest.v2+json
This moby issue suggest that with docker > 1.13 the docker pull is more restrictive on the mediatype, it's why it's work with docker < 1.13.
In Question: _The cause of this issue is that nexus doesn't managed the mediaType : application/vnd.oci.image.manifest.v1+json so it's actually not OCI Compliant ?_
Expected
Nexus Repository Manager hosted Docker registries OCI compliance:
https://blog.docker.com/2018/04/docker-registry-api-standardized-oci/
https://www.opencontainers.org/
Workaround
Specific to buildah - the tool can be forced to push docker compliant images. Example:
buildah bud --format=docker
For more information see https://github.com/projectatomic/buildah/issues/575
- relates
-
-
- Closed
-