c8d/push: Support --platform switch
#47679
Conversation
vvoland
force-pushed
the
c8d-multiplatform-push
branch
2 times, most recently
from
83357b3
to
489ca74
Compare
|
Noting what we discussed on zoom: I think the platform option needs to support something like buildx also supports |
vvoland
force-pushed
the
c8d-multiplatform-push
branch
from
489ca74
to
fc5fa64
Compare
|
I added the
|
vvoland
force-pushed
the
c8d-multiplatform-push
branch
from
fc5fa64
to
dfe5a6c
Compare
client/image_push.go
Outdated
| @@ -36,6 +37,14 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options image.Pu | |||
| } | |||
| } | |||
|
|
|||
| if options.Platform != "" { | |||
| if options.Platform == "local" { | |||
| query.Set("platform", platforms.DefaultString()) | |||
There was a problem hiding this comment.
cc @tianon
More platform strings :)
There was a problem hiding this comment.
oof, and generated in client code to pass to the daemon 😭
local in the client is not local to the daemon 😭
There was a problem hiding this comment.
Made local mean the platform local to the client for consistency with buildx --platform local.
That's why there's also remote (although I think I'd prefer to call it host) that is handled on the daemon side and defaults to the daemon platform:
moby/api/server/router/image/image_routes.go
Lines 554 to 559 in dfe5a6c
Happy to hear your suggestions if you have better ideas 😄
There was a problem hiding this comment.
Definitely creeping into "build" vs "host" vs "target" confusion territory here -- what's the use case for building for the client-local host's platform when talking to a different daemon?
(Some of the context for this discussion is containerd/platforms#6, which actually makes platforms.DefaultString() unsafe to pass across process/machine boundaries like this, but I think the issue here is larger.)
There was a problem hiding this comment.
Probably because I'd mentioned it in an earlier review, but more "the client shouldn't have to know the daemon's platform... also should we do the buildx thing for client platform?"
It may well be not needed.
There was a problem hiding this comment.
what's the use case for building for the client-local host's platform when talking to a different daemon?
Personally, --platform local was useful to me for extracting binaries out of docker images to use on my host system, like:
echo 'FROM moby/moby-bin:master' | docker buildx build --platform local -o type=local,dest=asdadsad -
So, mostly thinking of remote daemon or, a more down-to-earth case: DD on non-Linux platforms - in the above case I really don't care about the VM, I just want to get the image for my host.
However, local might be less useful than the remote/host/daemon for the interactive case, because most of the time I know what platform my client host is running on. Still, it could be useful in scripts.
Also, in case of a remote Docker host - users might want to push the image for the platform of their host:
$ docker -c beef tag <some-image> myregistry.local/some-image
$ docker -c beef push --platform local myregistry.local/some-image
$ docker run myregistry.local/some-imageBut still, I think that's mostly useful for scripts, as in the interactive case it's highly likely that user would pass the platform explicitly anyway.
There was a problem hiding this comment.
Anyway, I'm fine with dropping these for now. We can always add them later if there's a real demand for it.
There was a problem hiding this comment.
I would advise against using a single string field to represent the platform in the API. The first issue is highlighted here that it is too tempting to override it with special values. The second issue is that the string format is now a part of the API which it is not intended for. In containerd we only use the string for CLI or config, but the API always uses the structured form (https://github.com/containerd/containerd/blob/main/api/types/platform.proto) or its embedded in json in the original form (https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/descriptor.go#L53).
The point of this change is to make the API endpoint behavior more explicit which filling in a variable "remote" value doesn't really accomplish. The way the current API behaves is already "--platform remote" and I worry by adding this flag here we end up changing the API to default to only push all platforms and end up recommending users to add "--platform remote". I think its best to keep the default to push whatever what pulled for that same image, so the equivalent of "--platform remote" if only a single platform was pulled or push all platforms if we can support pull all platforms. The case of pushing a single platform which differs from the remote after pulling multiple platforms seems like an edge case and is likely better handled with a separate command to edit an image with a new manifest.
There was a problem hiding this comment.
Removed the single string and added parameters that correspond to the fields of ocispec.Platform.
This adds the common helper functions used by the recent multiplatform-related PRs. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Translate os.ErrNotExist into cerrdefs.ErrNotExists Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Add utility that allows to construct an image with the specified platforms. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
vvoland
force-pushed
the
c8d-multiplatform-push
branch
from
dfe5a6c
to
c63b42e
Compare
|
I added unit tests for the descriptor candidate selection code. Also tweaked the default behavior (no explicit platform selection) to choose a single-platform manifest in some cases. |
vvoland
force-pushed
the
c8d-multiplatform-push
branch
2 times, most recently
from
9db1dc3
to
e8d00ce
Compare
| { | ||
| name: "none requested on v7 daemon, v7 not available", | ||
| check: singleManifestSelected(linuxArmv5), // Should it fail, because v5 can't be pushed? | ||
|
|
||
| indexPlatforms: []platforms.Platform{linuxArm64, linuxArmv7, linuxArmv5}, | ||
| deletePlatforms: []ocispec.Platform{linuxArmv7}, | ||
| daemonPlatform: &linuxArmv7, | ||
| requestPlatform: nil, | ||
| }, |
There was a problem hiding this comment.
It's not immediately obvious to me what this is testing/emulating, sorry 😅
Isn't linuxArmv7 being in indexPlatforms meaning that the image does support v7? What is deletePlatforms?
There was a problem hiding this comment.
deletePlatforms are the platforms that are missing locally. So the case is:
Image index supports: linux/arm64, linux/arm/v5 and linux/arm/v7.
Daemon is running on: linux/arm/v7
User has pulled: linux/arm64, linux/arm/v5 (image index minus the deletePlatforms).
Should the arm/v5 be pushed (as the daemon can run this image), even though it's not the native variant which the original image supports?
Add a OCI platform fields as parameters to the `POST /images/{id}/push`
that allow to specify a specific-platform manifest to be pushed instead
of the whole image index.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
vvoland
force-pushed
the
c8d-multiplatform-push
branch
from
e8d00ce
to
dea3651
Compare
| p.OSVersion = form.Get("osversion") | ||
| p.OSFeatures = form["osfeatures"] |
There was a problem hiding this comment.
Wondering if we should include these... They seem to be ignored by default containerd matcher though: https://github.com/containerd/platforms/blob/c1438e911ac7596426105350652fe267d0fb8a03/platforms.go#L154-L159
On the other hand, I can image an index having multiple images for different OSVersions/Features and user wanting to push only a selected one.
So IMO, we should either:
- Drop these parameters from the API
- Use a custom platform matcher that also checks these
WDYT?
There was a problem hiding this comment.
Would it be horrible to use the canonical JSON representation in a single field instead of multiple fields?
There was a problem hiding this comment.
IMO, yes, because we pass the parameters by encoding them in url query, not as a json-encoded body 🙈
That doesn't really solve the OSVersion and OSFeatures issue though :P
Add OCI platform fields as a parameters to the
POST /images/{id}/pushthat allow to specify a single-platform manifest to be pushed instead of the whole image index.- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)