Proposal I - compatibilities extension in image index platform and image manifest config#19
Proposal I - compatibilities extension in image index platform and image manifest config#19ChaoyiHuang wants to merge 2 commits into
Conversation
ChaoyiHuang
requested review from
cyphar,
mfranczy,
neersighted,
sudo-bmitch and
vsoch
as code owners
ChaoyiHuang
force-pushed
the
proposal-i
branch
2 times, most recently
from
64ae3a0 to
4eb6b43
Compare
This proposal is born from proposal A to H. The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI. Signed-off-by: joehuang <joehuang.sweden@gmail.com>
| @@ -0,0 +1,235 @@ | |||
| # Proposal I - compatibilities extention in platform object | |||
There was a problem hiding this comment.
OK, update in next commit
|
Definetely the idea of adding a new I also like the idea because compatibility would be under the image spec. If container runtimes want to support it they would not have a lot of additional API calls. |
|
|
||
| This proposal is born from proposal A to H. | ||
|
|
||
| The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI. |
There was a problem hiding this comment.
| The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI. | |
| The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining a standalone artifact in OCI. |
There was a problem hiding this comment.
ok, will update in next commit
|
|
||
| The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI. | ||
|
|
||
| ## image spec platform object extention |
There was a problem hiding this comment.
| ## image spec platform object extention | |
| ## image spec platform object extension |
There was a problem hiding this comment.
yeah, spelling issue. will fix
|
|
||
| ### add platform.compatibilities descriptor | ||
|
|
||
| Add a new descriptor in platform object in [image index](https://github.com/opencontainers/image-spec/blob/main/image-index.md#image-index-property-descriptions). |
There was a problem hiding this comment.
Doesn't this still imply another artifact, it's just linked to differently, directly from a manifest list?
There was a problem hiding this comment.
The idea here is to address our concerns in current OCI specifications, avoid introduing a new standalone spec ( maintainers worried about new standard to maintain). so just add new descriptor in manifest entry's platform objector in image index, the descriptor will point to a manifest, in which the compatibilities could reside in config(the current commit), or in a new mediatype layer(another option).
it can be handled quite similar to artifact, but no need to use referrers api anymore.
the compatibilities now can be decoupled from container lifecycle,and optional for runtime engine, runtime engine can be configured to use the compatibilities or not, in sync or async order, it's easy for runtime engine to evolve.
|
|
||
| - **`features`** _array of strings_ | ||
|
|
||
| - **`compatibilities`** _[descriptor](https://github.com/opencontainers/image-spec/blob/main/descriptor.md)_ |
There was a problem hiding this comment.
This is confusing because now I'm thinking the field "compatibilities" is part of a descriptor.
There was a problem hiding this comment.
maybe another term would be better. your suggestion?
|
|
||
| ## Compatibilities Manifest | ||
|
|
||
| The compatibilities manifest is a special image manifest, contains only config and no blob layer. |
There was a problem hiding this comment.
So this is another link / redirection to get to the compatibilities? If I understand:
image manifest list -> descriptor -> image manifest -> config (which has them)?
There was a problem hiding this comment.
So this is another link / redirection to get to the compatibilities? If I understand:
image manifest list -> descriptor -> image manifest -> config (which has them)?
yes, this is the path to get the compatibilities content.
will submit another proposal to short the path by adding a new mediatype, as commented by Marcin
|
|
||
| ### Config Extention | ||
|
|
||
| The config object will be extened with compatibilities field. |
There was a problem hiding this comment.
Does this mean we need to do diffs and similar if you are combining layers from multiple images / multiple configs?
There was a problem hiding this comment.
no need. in this config, only compatibilities is valid content.
| #### Example - image is compatible with different hardware combinations | ||
|
|
||
| ```json | ||
| { |
There was a problem hiding this comment.
This looks like just slightly changing the format / structure to look like a config over an artifact. There are still many jumps to get here - I'm not sure why this approach is better? It has more down sides, like requiring the person own the image / registry URI to be able to update or define the compatibilities. And then the issue of changing digests.
There was a problem hiding this comment.
for jump, it's similar as artifact.
It has more down sides, like requiring the person own the image / registry URI to be able to update or define the compatibilities. And then the issue of changing digests.
it's quite easy to update compatibilites, just replace the descriptor in the image index manifest entry. and the image manifest and blob layes itself doesn't need to update (no rebuild and redistribution), the image manifest digest didnot change. it's very flexible while keep current flow unchanged.
ChaoyiHuang
changed the title
…config This proposal is born from proposal A to H. Based on the maintainers feedback, The purpose of the proposal, is to address the concern maintaining standalone artifact in OCI. Spec update is done on image index platform and image manifest config. Signed-off-by: joehuang <joehuang.sweden@gmail.com>
sudo-bmitch
left a comment
sudo-bmitch
left a comment
There was a problem hiding this comment.
Putting this on hold until we can discuss the risk of unexpected data loss.
|
|
||
| ### add platform.compatibilities descriptor | ||
|
|
||
| Add a new descriptor in platform object in [image index](https://github.com/opencontainers/image-spec/blob/main/image-index.md#image-index-property-descriptions). |
There was a problem hiding this comment.
Same issue that I raised on J: I have concerns that this descriptor would not be known to existing registries and client tooling. As a result, registries would accept an incomplete manifest, or silently delete the compatibility blob in a later GC cycle. And client tooling to copy images would fail to include the compatibility blobs.
There was a problem hiding this comment.
@sudo-bmitch is right, so far I confirmed that with regclient and zot registry.
For this proposal we would have to add a descriptor support to regclient and zot.
Didn't test other registries and tools yet.
4 participants
This proposal is born from proposal A to H.
The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI.