Story #3747: Add a config option to the importer to accept foreign layers - Docker Support

Story #3747

Updated by ipanova@redhat.com almost 6 years ago
Some images like windows base images, contain artifacts whose distribution is restricted by license. 
 when these images where pushed to a registry, restricted artifacts where skipped/not included. 

 For this reason we were skipping sync of foreign layers. 

 With the recent changes, due to use case of registries with air gapped network, now it's possible to push to the registry foreign layers, by enabling -allow-nondistributable-artifacts daemon option. 

 From client side, foreign layers are now pulled from the registry if possible, falling back to the URLs in the image manifest otherwise. As far as i know that's done in docker for Windows.    Linux version is still ignoring foreign layers during pull. 

 We need to add option `--allow-foreign-layers` to the importer, so during sync we could fetch them on explicit request. Defaults to false. 
 It will also cover the upload use case, otherwise we'd ignore the foreign layer to be uploaded to Pulp. 

 Example of a image with foreign layers: 

 <pre> 
 $ ./done-docker-token portainer/portainer:windows-amd64-1.13.0 
 { 
   "schemaVersion": 2, 
   "config": { 
     "digest": "sha256:7cc9ff24526dfffdb8c188e6bae7e11d75d1ac5731d85e6fdccd5c7382d84207", 
     "size": 2369, 
     "mediaType": "application/vnd.docker.container.image.v1+json" 
   }, 
   "layers": [ 
     { 
       "digest": "sha256:bce2fbc256ea437a87dadac2f69aabd25bed4f56255549090056c1131fad0277", 
       "size": 252691002, 
       "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip", 
       "urls": [ 
         "https://go.microsoft.com/fwlink/?linkid=837858" 
       ] 
     }, 
     { 
       "digest": "sha256:4a8c367fd46d2e2da2a8b0fa02158540e13b3a9015daf9f17d1af354a591492f", 
       "size": 121971948, 
       "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip", 
       "urls": [ 
         "https://go.microsoft.com/fwlink/?linkid=848906" 
       ] 
     }, 
     { 
       "digest": "sha256:feedefe2c110863b761bb71ba7199fefe1058afecbe68752d051c2ca0899e266", 
       "size": 3684048, 
       "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip" 
     }, 
     { 
       "digest": "sha256:bb652e12abcfb1b0681c29dcff44a842f54869d6a5d6c57de1523b275af77c17", 
       "size": 952, 
       "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip" 
     }, 
     { 
       "digest": "sha256:4addfdf3b551b41da10b28fb9e0e0702d568e68ce2330183220384358f0f7d9c", 
       "size": 947, 
       "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip" 
     }, 
     { 
       "digest": "sha256:ad5cdcb7aa1e047a4ac348b74b5652c8a16fcb3dd013c288f8e65a095995c1d4", 
       "size": 948, 
       "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip" 
     }, 
     { 
       "digest": "sha256:6bd5a5818cacdc9744192da603a8765e793ac1b5dcb1bf1efacbe81df875ea06", 
       "size": 943, 
       "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip" 
     } 
   ], 
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json" 

 </pre>
Back
Project

Profile

Help

Docker Support

Story #3747
