Image built with Kaniko claims to be OCI but in reality is not #1836
Description
Actual behavior
Coming from containers/buildah#3668
I am using kaniko to build an image based on an OCI-image.
The base image has the following manifest: ( notice mediaType: application/vnd.oci.image.layer.v1.tar+gzip )
>>> skopeo inspect --raw docker://${BASE_IMAGE} | jq .
{
"schemaVersion": 2,
"config": {
"mediaType": "application/vnd.oci.image.config.v1+json",
"digest": "sha256:61679cc9cfe1e3c757bfe2ff01222e25a4e0349ff70739f7c982df4e9484d5a4",
"size": 419
},
"layers": [
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:3bc51580eb8a78b645a88f9c89c0779be50944543b917c682af93035002c2d99",
"size": 79650768
}
]
}If I use this image as a base for another image built with Kaniko, I get the following resulting image:
{
"schemaVersion": 2,
"mediaType": "",
"config": {
"mediaType": "application/vnd.oci.image.config.v1+json",
"size": 906,
"digest": "sha256:da250df73fc4c57e758739f562f7c5bf77703f0547951a254a6043719ccb35a6"
},
"layers": [
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"size": 79650768,
"digest": "sha256:3bc51580eb8a78b645a88f9c89c0779be50944543b917c682af93035002c2d99"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 222,
"digest": "sha256:8962e548f920af01274257418f3414570b5d0761524773a86df7835344e467f7"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 198,
"digest": "sha256:2b36e6ccfa17b538ef83c8aff96ffe823966883f90b4517b35346b57cc642c46"
}
]
}Which claims to be application/vnd.oci.image.config.v1+json but indeed has Docker application/vnd.docker.image.rootfs.diff.tar.gzip layers.
This shows as an error when going to use the child image as a base image in podman build, which shows (again see issue containers/buildah#3668):
Error: error creating build container: error preparing image configuration: error converting image
"containers-storage:[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev]@04ee292f7a5549e765c99205acc567738a09eb084409cd71f6600facd3743c51"
from "application/vnd.oci.image.manifest.v1+json" to "application/vnd.docker.distribution.manifest.v2+json":
Unknown media type during manifest conversion: "application/vnd.docker.image.rootfs.diff.tar.gzip"
Expected behavior
As @vrothberg suggests, the layers should be converted to OCI ones during build or when pushing to the registry.
To Reproduce
Steps to reproduce the behavior:
- Have a base image with
"mediaType": "application/vnd.oci.image.config.v1+json", - Use the base image to build another (multistage) image with Kaniko.
Additional Information
- Dockerfile
Unfortunately it is quite difficult to find a public image that has "mediaType": "application/vnd.oci.image.config.v1+json", but to build one the following can be achieved with podman:
>> cat Containerfile
FROM docker.io/alpine
RUN touch file.txt
RUN echo "hello world"
>> podman build -t base-image -f Containerfile .
>> podman push base-image path/to/remote/repo/base-image
Dockerfile for child image:
FROM ubuntu:20.04 as installer
ADD installer.sh .
RUN bash installer.sh
######################
FROM path/to/remote/repo/base-image
COPY --from=installer /opt/application /opt/application
RUN ln -s /opt/application/1.0.0 /opt/application/stable
CMD ["/bin/bash"]
- Build Context
Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)
>>> cat installer.sh
mkdir -p /opt/application/1.0.0
touch /opt/application/1.0.0/file.txt
touch /opt/application/1.0.0/file2.txt
touch /opt/application/1.0.0/file3.txt
- Kaniko Image (fully qualified with digest)
Triage Notes for the Maintainers
| Description | Yes/No |
|---|---|
| Please check if this a new feature you are proposing | |
| Please check if the build works in docker but not in kaniko | |
Please check if this error is seen when you use --cache flag |
|
| Please check if your dockerfile is a multistage dockerfile |