You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Multi-stage images with multiple registries is used
Multiple registries - Gitlab (main repository), Quay and JFROG are used
Cache is used
When I build an image with Kaniko 1.9.1 in Gitlab(used as cache and base repo), it's layers become mixed with different manifests - the problem seen for example with Quay 3.8.0/3.8.1, that rejects pushed image, that expects valid oci image oder docker image -
error pushing image: failed to push to destination QUAY_HOST: PUT .../latest: MANIFEST_INVALID: manifest invalid; map[message:failed to parse manifest: manifest data does not match schema: 'application/vnd.docker.image.rootfs.diff.tar.gzip' is not one of ['application/vnd.oci.image.layer.v1.tar', 'application/vnd.oci.image.layer.v1.tar+gzip', 'application/vnd.oci.image.layer.v1.tar+zstd', 'application/vnd.oci.image.layer.nondistributable.v1.tar', 'application/vnd.oci.image.layer.nondistributable.v1.tar+gzip', 'application/vnd.dev.cosign.simplesigning.v1+json', 'application/vnd.dsse.envelope.v1+json', 'text/spdx', 'text/spdx+xml', 'text/spdx+json', 'application/vnd.syft+json', 'application/vnd.cyclonedx', 'application/vnd.cyclonedx+xml', 'application/vnd.cyclonedx+json', 'application/vnd.in-toto+json', 'application/tar+gzip', 'application/vnd.cncf.helm.chart.content.v1.tar+gzip', 'application/vnd.oci.image.layer.v1.tar+gzip']
Failed validating 'enum'in schema['properties']['layers']['items']['properties']['mediaType']:
{'description': 'The MIME type of the referenced manifest',
'enum': ['application/vnd.oci.image.layer.v1.tar',
'application/vnd.oci.image.layer.v1.tar+gzip',
'application/vnd.oci.image.layer.v1.tar+zstd',
'application/vnd.oci.image.layer.nondistributable.v1.tar',
'application/vnd.oci.image.layer.nondistributable.v1.tar+gzip',
'application/vnd.dev.cosign.simplesigning.v1+json',
'application/vnd.dsse.envelope.v1+json',
'text/spdx',
'text/spdx+xml',
'text/spdx+json',
'application/vnd.syft+json',
'application/vnd.cyclonedx',
'application/vnd.cyclonedx+xml',
'application/vnd.cyclonedx+json',
'application/vnd.in-toto+json',
'application/tar+gzip',
'application/vnd.cncf.helm.chart.content.v1.tar+gzip',
'application/vnd.oci.image.layer.v1.tar+gzip'],
'type': 'string'}
On instance['layers'][1]['mediaType']:
'application/vnd.docker.image.rootfs.diff.tar.gzip']
Inspecting temporary image in Gitlab shows that image was generated by Kaniko with Invalid Specification(OCI should have no docker diff layers), though Gitlab had allowed saving this image :
Correct media-type of image - all layers should be conform to each other. They should OCI (application/vnd.oci.image.config.v1+json) or Docker (application/vnd.docker.distribution.manifest.v2+json) conform.
Bug seems to be introduced in Kaniko 1.9.1 with a change how first layer is handled - it is being not unpacked and probably saved with initial media type.
The text was updated successfully, but these errors were encountered:
Actual behavior
When I build an image with Kaniko 1.9.1 in Gitlab(used as cache and base repo), it's layers become mixed with different manifests - the problem seen for example with Quay 3.8.0/3.8.1, that rejects pushed image, that expects valid oci image oder docker image -
Inspecting temporary image in Gitlab shows that image was generated by Kaniko with Invalid Specification(OCI should have no docker diff layers), though Gitlab had allowed saving this image :
Expected behavior
Correct media-type of image - all layers should be conform to each other. They should OCI (application/vnd.oci.image.config.v1+json) or Docker (application/vnd.docker.distribution.manifest.v2+json) conform.
Correct image generated with Kaniko 1.9.0 :
Triage Notes for the Maintainers
Bug seems to be introduced in Kaniko 1.9.1 with a change how first layer is handled - it is being not unpacked and probably saved with initial media type.
The text was updated successfully, but these errors were encountered: