-
Notifications
You must be signed in to change notification settings - Fork 54
Add push and pull support using cnab-to-oci #681
base: master
Are you sure you want to change the base?
Conversation
This PR does not appear to satisfy the requirements of #668:
I've added an agenda item to today's CNAB community call to discuss these points. |
@glyn -- I do have one question about this discussion -- and keep in mind that I haven't followed the registry and image relocation discussions closely, so I might be asking something obvious here. Have we decided that the requirements from #668 about image relocation (which as I recall, is a continuation of the rewrite command) are the also the requirements for the simple bundle push / pull to OCI registries? At least at first, they look like two separate use cases, both with valid scenarios. |
No, we certainly haven't decided that, but I wanted to point out the potential conflict and have the discussion so we are all "on the same page". |
Thanks for pointing this out, @glyn! To sum up the discussion from the CNAB meeting earlier today, we decided that both approaches are valid, and we want to eventually support relocating the images for As we are working on the two implementations and we have a clear view of how they work, we will decide if / how we want to integrate relocating images either directly in Duffle, or as part of the |
2611762
to
16b907e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good, excepting the new dependency on Kubernetes 😕
@radu-matei : the PR moving to |
Done with #704 |
- Use a custom duffle branch using github.com/deislabs/cnab-go/bundle (waiting for cnabio/duffle#681 to be merged)
- Use a custom duffle branch using github.com/deislabs/cnab-go/bundle (waiting for cnabio/duffle#681 to be merged) Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
- Use a custom duffle branch using github.com/deislabs/cnab-go/bundle (waiting for cnabio/duffle#681 to be merged) Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
@silvin-lubecki - absolutely, we shouldn't wait on that PR. |
- Use a custom duffle branch using github.com/deislabs/cnab-go/bundle (waiting for cnabio/duffle#681 to be merged) Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
16b907e
to
39efc73
Compare
This PR introduces an initial implementation for working with OCI registries, provided by
As the current implementation uses
This has been tested using Azure Container Registries and Docker Hub. Feedback needed:
Thanks! |
cmd/duffle/pull.go
Outdated
var pull pullCmd | ||
cmd := &cobra.Command{ | ||
Use: "pull <ref> [options]", | ||
Short: "Pulls an image reference", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this command really pull an image reference?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be... pulls a remote bundle from an OCI registry
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, thanks for catching this. Updating.
I'm not sure what the intended spec of
( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The help text needs beefing up so that the spec of duffle push and pull is clear.
Nit: have you heard of draft pull requests? :-) |
@glyn Radu had in fact made this a draft pull request and changed it as ready for review in the past few days. |
Ah, I missed that. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I'm understanding this correctly, --target
is something required. If so, I think it should be a required argument and not a flag unless we plan on using some sort of defaulting mechanism later on. This is a non-blocking comment.
@michelleN - yes, the
That indeed seems a better, updating. Thanks for the feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lmk when you're ready for another review @radu-matei. Heads up, I also saw the following error with $ duffle bundle list
--> Error: cannot load bundle: invalid character '-' in numeric literal
Don't think that's an issue in master but I'll double check. Cheers.
39efc73
to
cd9084f
Compare
@michelleN - updated the UX with your suggestions, and improved the help messages for both commands. That error message seems to be tied to some signed bundles (from before pulling out the signing part), and also rebased this, meaning there are no more references to those in this branch, so everything should be fixed now. |
cd9084f
to
ba25c02
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for clarifying the spec of push. I would like a little more clarity on the handling of images by push and maybe pull.
const pushDesc = ` | ||
Pushes a CNAB bundle to an OCI registry by pushing all container | ||
images referenced in the bundle to the target repository (all images are | ||
pushed to the same repository, and are referenceable through their digest). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where are images "pushed" from? Are they copied direct from their remote repositories or do they have to be present in a docker daemon?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, they are directly copied from the remote (and actually, as #734 tracks, if the images are only present in the local daemon, this will fail)..
Pulls a CNAB bundle from an OCI repository. | ||
The only argument for this command is the repository where | ||
the bundle can be found, and by default, this command pulls the | ||
bundle and stores it in the local bundle store. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this command do anything with images referenced by the bundle?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, by default it does not pull the referenced images.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’m revisiting this PR after the whole OCI discussion - do you think it pulling the bundle should pull the referenced images?
Most likely they will not be used on the same machine that pulls the bundle, so not sure about this - would an optional flag for pulling the images be helpful?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it makes sense for a local development use case to pre-populate the local docker image store (just pull the bundle and everything in it and it "works"), so I agree with the optional flag.
By the way I don't think it should be a cnab-to-oci
feature, as it has no knowledge of the docker engine, only duffle has. I guess it will then parse the bundle.json
and call docker pull
on every docker image using the docker client ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I agree - I wasn't thinking this should be in cnab-to-oci
.
} | ||
|
||
func newPullCmd(w io.Writer) *cobra.Command { | ||
const usage = `Pulls a bundle from an OCI repository` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: use const block
Signed-off-by: Radu M <root@radu.sh>
Signed-off-by: Radu M <root@radu.sh>
Signed-off-by: Radu M <root@radu.sh>
ba25c02
to
61bb2d7
Compare
Rebased off #827 - haven't addressed all comments yet. |
Signed-off-by: Radu M <root@radu.sh>
This PR is the very first attempt to make things build. It is a sanity check and a reference for the all dependency versions we need in order to have Duffle and cnab-to-oci compile, and it uses my forks for cnab-to-oci, as well as a CNAB Go package extracted from Duffle in order to avoid circular dependencies.
It also implements naive push and pull commands, to make sure everything works together -- see below.
Obviously, this should not be merged in its current state.
cc @michelleN, @silvin-lubecki