-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reference images with only an image or only a tag to be cri-o/OCI compatible #3220
Comments
Note, I was hoping https://skaffold.dev/docs/pipeline-stages/taggers/ could be used to control this but it seems like skaffold always append |
I tried do a few changes to the codebase to strip the digest but turns out that since both gitcommit and sha256 taggers generates fully stable tags no matter the amount of changes you've made skaffold's logic relies on the digest to be present. Then I tried to rewire the the manifest render which kinda worked but I'm not sure that would be the right level to fix it. Any guidance on where this would be fixed best would be appreciated and I'll happily try make a proper patch for this. |
@maxandersen We currently assume that the digest can safely be appended to the tag. This is unfortunately done in multiple places (look for The solution would be to extract that code to a function that appends the digest only to the basename. If it's possible to activate that behaviour only when the underlying engine is cri-o, that would be a plus. |
@maxandersen Can you share the output of |
@dgageot it’s a rather big cluster i'm testing on so a rather large file :) but I assume this section is what you would be looking for:
particular |
Autodetection is fine but I would still think it should be something to explicitly enable/declare to do rendering without contacting the cluster? |
Gave this a go but just replacing all places with |
@maxandersen I tested your branch and it works with CRI-O when your I agree with you that the target/CRI-O cannot always be auto-detected. A flag could be added to |
Yes, I basically reached same conclusion that this behavior was kinda needing to have some influence on the tag policy too - i tried swizzle the values in the generated manifests but it became way more messy than I felt it should be. And yes, sha1 is what must be there. |
Recent Tekton releases start to use both a tag and a digest, and therefore they don't work for some platforms like the new OpenShift 4.x which uses cri-o. To support them, Tekton decided to provide |
Looks like Cri-o will support those :tag@digest names: cri-o/cri-o#2351 |
correct - will hopefully soon be available in upcoming origin/openshift releases. |
I'm going to close this issue because there's not much we have to do on the skaffold side now. Thanks for reporting and investigating! |
Expected behavior
skaffold should have option to only use tags (or digest) when referring to generated images.
That is so it is compatible with the oci spec and will work in systems using cri-o (such as openshift/origin).
Today it references images like this:
docker.io/maxandersen/skaffold-example2:v0.41.0-175-g448e4014-dirty@sha256:f3e4ce9a4d629b78aef104253d6233132853e1c355dbdd04b2a9d309f14f20d5
That result in errors like this:
This have previously been discussed in #2089
which was closed with the comment to reopen or create new issue if requests to cri-o based projects did not succeed in getting support for tag/digest. Both containers/buildah#1407 and cri-o/cri-o#2351 have been closed referencing the distribution spec:
I understand why skaffold uses both as that in other systems are used to state, pull from the tag and if the sha does not match cause a failure as a double insurance.
But for now that "useful loophole" is not honored by cri-o and thus I suggest skaffold at least provide an option to only add the tag so skaffold can be used on these systems.
Information
Steps to reproduce the behavior
git clone https://github.com/GoogleContainerTools/skaffold
cd skaffold/examples/getting-started
skaffold dev
The text was updated successfully, but these errors were encountered: