Project

Profile

Help

Test #4461

closed

As a user i can configure download of the foreign layers

Added by bherring over 5 years ago. Updated almost 3 years ago.

Status:
CLOSED - WONTFIX
Priority:
Low
Assignee:
-
Sprint/Milestone:
-
Platform Release:
Tags:
Sprint:
Quarter:

Description

Some images like windows base images, contain artifacts whose distribution is restricted by license.
When these images are pushed to a registry, restricted artifacts are skipped/not included by default.

These artifacts are called foreign layers and have "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip"

Remote should have a Boolean "*allow_foreign_layers*" option which would control the download of the foreign layers.

Set to False (default):
Pulp will check the mediatype and simply will skip the foreign layers.
Case: do not sync content which is restricted by a license without explicit acknowledgment in the Remote config
From client side, it will follow the url specified in the details of the layer in the manifest.

Set to True:
Pulp will download the foreign layers by following the url.
Case: due to use case of registries with air gaped network, now it's possible to push to the registry foreign layers, by enabling -allow-nondistributable-artifacts daemon option. From client side, foreign layers are now pulled from the registry if possible, falling back to the URLs in the image manifest otherwise. As far as i know that's done in docker for Windows. Linux version is still ignoring foreign layers during pull.


Related issues

Copied from Container Support - Story #4171: As a user i can configure download of the foreign layersCLOSED - CURRENTRELEASEjortel@redhat.com

Actions

Also available in: Atom PDF