Container resources (e.g. redis) not compatible with Podman #3423
Comments
dotnet-issue-labeler
bot
added
the
area-app-model
|
We should get this into GA |
|
I was thinking that maybe there should be a warning log on startup for any registered container where the image name is not prefixed. Should indicate that unprefixed image names are not compatible with all runtimes? Would help with third-party package module developers doing the same thing when adding Aspire support? |
|
@davidfowl should container resource just be having this as a part of the base type? |
|
Yes, we have a choice to make. Do we make null mean docker.io in aspire or do we force people do specify it. |
|
@petedavis Can you confirm your settings a bit? I assume no Podman Desktop installation correct and you just have podman CLI on your Fedora OS? I was just trying this on my mac, but I have Podman Desktop which has registries configured by default in registries.conf and thus the pull worked. |
|
Sure @timheuer I have podman installed via dnf, although I have installed Podman Desktop after, which I believe does work differently to having raw Podman service installation. |
|
It's hard to know how common this will be. I imagine that podman has done lots of work to make their tooling a drop in replacement for docker. This must be a well known issue with a workaround? |
|
Thanks @petedavis -- I assume in /etc/containers/registries.conf.d in both unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]
@davidfowl I think they have mostly, especially in Podman Desktop where when creating a podman machine it looks like it has some default registries configured (https://podman.io/docs/installation#registriesconf) with this 'unqualified' conf setting (I did nothing to create this, but did all config through Podman Desktop). I think using just podman CLI this is not created (or uncommented) by default. |
|
@davidfowl I feel like we could consider the same 'unqualified' aspect by modifying to be something like: public static IResourceBuilder<T> WithImage<T>(this IResourceBuilder<T> builder, string image, string tag = "latest", string registry = "docker.io") where T : ContainerResource
{
if (builder.Resource.Annotations.OfType<ContainerImageAnnotation>().LastOrDefault() is { } existingImageAnnotation)
{
existingImageAnnotation.Registry = registry;
existingImageAnnotation.Image = image;
existingImageAnnotation.Tag = tag;
return builder;
}
// if the annotation doesn't exist, create it with the given image and add it to the collection
var containerImageAnnotation = new ContainerImageAnnotation() { Image = image, Tag = tag, Registry = registry };
builder.Resource.Annotations.Add(containerImageAnnotation);
return builder;
}Downside of the simpler approach is a documentation one I think. As specifying an Image tag that also includes fully qualified registry (as some of the Azure ones do) would fail in this default here, but maybe a better failure separating out the registry as already modeled in the AppModel. E.g. Cosmos would (and maybe should anyway?) change: |
|
My
Maybe there are cases where it auto resolves |
|
Definitely strange -- both macOS and Windows for me yielded no prompt (despite also the docs saying it would): |
|
This is interesting. I only get a short name resolved if it is explicity listed in the It explicitly has the line There must be an option to enable the Podman Desktop works out of the box and will pull After selecting a respository in the console, it saves a shortname cache which allows for pulling via shortname after. The cache file was updated after selecting the repository. |
|
Agreed @petedavis something is setting this and the docs don't make it clear what may be doing it (some GH issues of people noting that if Podman wants to be a true drop-in replacement for Docker that the unqualified setting needs to be default). But the guidance elsewhere that short-name usage alone is not a best practice (despite us all doing it ;-)) feels sound and prevents spoofing as well. We have the registries modeled here and should consider this change (applying similar 'unqualified search' default to docker.io IMO). |
Podman doesn't default to the docker.io registry when no registry is listed. Fully qualify the container image and registry to avoid any issues with assuming a reference. Fix dotnet#3423
Podman doesn't default to the docker.io registry when no registry is listed. Fully qualify the container image and registry to avoid any issues with assuming a reference. Fix #3423
* Fully qualify container images Podman doesn't default to the docker.io registry when no registry is listed. Fully qualify the container image and registry to avoid any issues with assuming a reference. Fix #3423 * Address PR feedback - Be consistent with all hosting extensions and split the ImageTags into a separate static class - Fix tests * Correct Azure ContainerImageAnnotation usages. --------- Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>
I noticed that you can run Aspire on Podman, so I tried the sample application with the environment variable set.
When running the application you get the following errors logged
And shows on the Dashboard
The issue is the image names need an explicit prefix for Podman, unlike Docker wich assumes
docker.ioprefix if none exists. So for full Podman support, all image names from docker hub will need to be explicit withdocker.io/redisas the image name.Verified by changing the sample Program code to:
Which then works perfectly:
Environment:
Fedora 39
dotnet SDK 8.0.100
Aspire version: 8.0.0-preview.4.24156.9+692dc41a65da572a7df25d53a9f2880afe59fdd
Podman v4.9.4
The text was updated successfully, but these errors were encountered: