Hi, Am Donnerstag, 11. April 2019, 16:14:43 CEST schrieb Richard Brown:
On Thu, 11 Apr 2019 at 15:56, Fabian Vogt <fvogt@suse.de> wrote:
We're shipping podman by default in our container focused openSUSE offerings
Yes, but the images offered are (hopefully!) not only used on openSUSE systems.
In this case Alexa has a valid concern about namespace/repo name overlap, which is something we can't just ignore because "it works on openSUSE". Containers are meant to work outside of a single environment after all.
Yes, but we shouldn't just cater to the lowest common denominator of one less-than-ideal runtime.
I would say that we need to - the majority of users use docker. Granted, I don't have any numbers to prove that, but I've seen much more "docker pull" or "docker build" in the wild than anything else.
My proposals work for any other distribution using any saner OCI runtime, such as podman on Fedora, who may have registry.opensuse.org interleaved between a Fedora registry and dockerhub in their registry config for example.
In that case their "podman pull fedora" would pull a fedora image from a fedora registry, "podman pull tumbleweed" would pull TW from our registry, and "podman pull alpine" from the docker hub.
That's debatable - do we actually need a Kubic base container? The current kubic-* containers are all using plain Tumbleweed as content, so they would perfectly fit the "tumbleweed/$containername" description. I'd say we would need it if we can answer this question appropriately: What would be the difference between e.g. tumbleweed/cilium and kubic/cilium? If so, the answer could be the base for a definition on what "kubic/" means.
I'd be fine without a kubic/ base container or namespace, and having all Kubic configurations/manifests referencing tumbleweed/$foo instead.
"podman pull opensuse/tumbleweed" or "docker pull opensuse/tumbleweed" should pull the Tumbleweed base container, from registry.opensuse.org in podman or docker hub in docker "podman|docker pull opensuse/leap" for leap
Technically doable, just not supported by kiwi currently - multiple tags are allowed (additonaltags="latest,%OS_VERSION_ID%"), but not multiple namespace/repository names.
I think the way we've done mapping with registry.opensuse.org should work fine with that already.
Yes.
I'm confused - you say kiwi doesn't support it, then agree with my suggestion that we have it working already.
I meant that the pull commands you wrote there ("podman pull opensuse/tumbleweed"/"podman|docker pull opensuse/leap") already work, not the aliasing to their counterpart without opensuse/.
If registry.opensuse.org maps the /opensuse namespace as it's default for the purposes of people pulling from registry.opensuse.org, I don't care how ;)
That's a misunderstanding: registry.opensuse.org does not map anything. The containers itself contain "opensuse/tumbleweed" as name. Every container published below the openSUSE:Containers project is published at the registry "root", registry.opensuse.org/ as-is.
Putting my suggestions all together and in other words; I do not think there should be an 'opensuse' container, because there is no 'opensuse' distribution
opensuse/ is just a namespace - there isn't a home base container either just because you can pull registry.opensuse.org/home/foo/bar/baz.
I'd say as long as there is a clear definition what each namespace means, it doesn't necessarily have to be uniform to "$base/$containername".
True, but in the opensuse/ namespace, aka the default registry.opensuse.org namespace, aka the "official openSUSE containers" namespace,
There is no such thing as a "default registry namespace" - it's a flat map and official containers can place themselves anywhere they want to. If we need aliases, those should be part of the container images themselves.
I think the $base/$containername approach is the only reasonable one available.
Cheers, Fabian -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org