Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal I - compatibilities extension in image index platform and image manifest config #19

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

ChaoyiHuang
Copy link
Collaborator

This proposal is born from proposal A to H.

The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI.

@ChaoyiHuang ChaoyiHuang force-pushed the proposal-i branch 2 times, most recently from 64ae3a0 to 4eb6b43 Compare June 11, 2024 08:42
This proposal is born from proposal A to H.

The purpose of the proposal, based on the maintainers feedback,
is to address the concern maintaining standalone artifact in OCI.

Signed-off-by: joehuang <[email protected]>
@@ -0,0 +1,235 @@
# Proposal I - compatibilities extention in platform object
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/extention/extension/g

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, update in next commit

@mfranczy
Copy link
Collaborator

Definetely the idea of adding a new compatibilities field in the index that is a descriptor is interesting.
As mentioned in the comment, if we go that way we should create a new media type application/vnd.oci.image.compatibility.v1+json and provide its own properties (probably the one we wanted for artifact).

I also like the idea because compatibility would be under the image spec. If container runtimes want to support it they would not have a lot of additional API calls.


This proposal is born from proposal A to H.

The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI.
The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining a standalone artifact in OCI.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, will update in next commit


The purpose of the proposal, based on the maintainers feedback, is to address the concern maintaining standalone artifact in OCI.

## image spec platform object extention
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
## image spec platform object extention
## image spec platform object extension

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, spelling issue. will fix


### add platform.compatibilities descriptor

Add a new descriptor in platform object in [image index](https://github.com/opencontainers/image-spec/blob/main/image-index.md#image-index-property-descriptions).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this still imply another artifact, it's just linked to differently, directly from a manifest list?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea here is to address our concerns in current OCI specifications, avoid introduing a new standalone spec ( maintainers worried about new standard to maintain). so just add new descriptor in manifest entry's platform objector in image index, the descriptor will point to a manifest, in which the compatibilities could reside in config(the current commit), or in a new mediatype layer(another option).

it can be handled quite similar to artifact, but no need to use referrers api anymore.

the compatibilities now can be decoupled from container lifecycle,and optional for runtime engine, runtime engine can be configured to use the compatibilities or not, in sync or async order, it's easy for runtime engine to evolve.


- **`features`** _array of strings_

- **`compatibilities`** _[descriptor](https://github.com/opencontainers/image-spec/blob/main/descriptor.md)_
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is confusing because now I'm thinking the field "compatibilities" is part of a descriptor.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe another term would be better. your suggestion?


## Compatibilities Manifest

The compatibilities manifest is a special image manifest, contains only config and no blob layer.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is another link / redirection to get to the compatibilities? If I understand:

image manifest list -> descriptor -> image manifest -> config (which has them)?

Copy link
Collaborator Author

@ChaoyiHuang ChaoyiHuang Jun 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is another link / redirection to get to the compatibilities? If I understand:

image manifest list -> descriptor -> image manifest -> config (which has them)?

yes, this is the path to get the compatibilities content.

will submit another proposal to short the path by adding a new mediatype, as commented by Marcin


### Config Extention

The config object will be extened with compatibilities field.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean we need to do diffs and similar if you are combining layers from multiple images / multiple configs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need. in this config, only compatibilities is valid content.

#### Example - image is compatible with different hardware combinations

```json
{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like just slightly changing the format / structure to look like a config over an artifact. There are still many jumps to get here - I'm not sure why this approach is better? It has more down sides, like requiring the person own the image / registry URI to be able to update or define the compatibilities. And then the issue of changing digests.

Copy link
Collaborator Author

@ChaoyiHuang ChaoyiHuang Jun 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for jump, it's similar as artifact.

It has more down sides, like requiring the person own the image / registry URI to be able to update or define the compatibilities. And then the issue of changing digests.

it's quite easy to update compatibilites, just replace the descriptor in the image index manifest entry. and the image manifest and blob layes itself doesn't need to update (no rebuild and redistribution), the image manifest digest didnot change. it's very flexible while keep current flow unchanged.

@ChaoyiHuang ChaoyiHuang changed the title Proposal I - - compatibilities extention in platform object Proposal I - compatibilities extension in image index platform and image manifest config Jun 12, 2024
…config

This proposal is born from proposal A to H.

Based on the maintainers feedback, The purpose of the proposal,
is to address the concern maintaining standalone artifact in OCI.
Spec update is done on image index platform and image manifest config.

Signed-off-by: joehuang <[email protected]>
Copy link
Collaborator

@sudo-bmitch sudo-bmitch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Putting this on hold until we can discuss the risk of unexpected data loss.


### add platform.compatibilities descriptor

Add a new descriptor in platform object in [image index](https://github.com/opencontainers/image-spec/blob/main/image-index.md#image-index-property-descriptions).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue that I raised on J: I have concerns that this descriptor would not be known to existing registries and client tooling. As a result, registries would accept an incomplete manifest, or silently delete the compatibility blob in a later GC cycle. And client tooling to copy images would fail to include the compatibility blobs.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sudo-bmitch is right, so far I confirmed that with regclient and zot registry.
For this proposal we would have to add a descriptor support to regclient and zot.
Didn't test other registries and tools yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants