Hi, Am Donnerstag, 11. April 2019, 15:25:24 CEST schrieb Richard Brown:
On Thu, 11 Apr 2019 at 11:19, Aleksa Sarai <asarai@suse.de> wrote:
On 2019-04-11, Thorsten Kukuk <kukuk@suse.de> wrote:
On Thu, Apr 11, Aleksa Sarai wrote:
tumbleweed -> base container tumbleweed/apache -> derived container
is actually possible to do with stock Docker Distribution -- because the "tumbleweed/" somewhat acts as a directory and I'm not sure if you can publish an image with the same name as a repo.
Alpine is doing that on docker hub as far as I could see, but I also would not do that to get people not confused.
"docker pull alpine" translates to "docker pull docker.io/library/alpine". So while it looks the same, internally it gets translated long before it hits the registry.
We're shipping podman by default in our container focused openSUSE offerings
Yes, but the images offered are (hopefully!) not only used on openSUSE systems. In this case Alexa has a valid concern about namespace/repo name overlap, which is something we can't just ignore because "it works on openSUSE". Containers are meant to work outside of a single environment after all. registry.opensuse.org doesn't really validate names or anything else for that matter, so we would need to be careful here. You can just create an image called "föo:latest:latest" if you wanted to, but it just wouldn't work with every client.
There we do not have dockers limitations, and can have multiple registries, which podman will use, in order
Therefore I want a situation where
"podman pull tumbleweed" translates to registry.opensuse.org/tumbleweed and pulls the Tumbleweed base conatiner
"podman pull leap" should pull registry.opensuse.org/leap, pulling the Leap base container
"podman pull kubic" should pull registry.opensuse.org, the "Kubic base container" (aka the Tumbleweed base container under a different name)
That's debatable - do we actually need a Kubic base container? The current kubic-* containers are all using plain Tumbleweed as content, so they would perfectly fit the "tumbleweed/$containername" description. I'd say we would need it if we can answer this question appropriately: What would be the difference between e.g. tumbleweed/cilium and kubic/cilium? If so, the answer could be the base for a definition on what "kubic/" means.
Derived containers should be $base/$containername
eg. tumbleweed/busybox leap/whatever kubic/pause
For synergy with docker (where we do not have that luxury of being able to practically use a trusted registry by default, nor do docker have the support for reflecting how our distributions are delivered) I ALSO want the following to work
"podman pull opensuse/tumbleweed" or "docker pull opensuse/tumbleweed" should pull the Tumbleweed base container, from registry.opensuse.org in podman or docker hub in docker "podman|docker pull opensuse/leap" for leap
Technically doable, just not supported by kiwi currently - multiple tags are allowed (additonaltags="latest,%OS_VERSION_ID%"), but not multiple namespace/repository names.
I think the way we've done mapping with registry.opensuse.org should work fine with that already.
Yes.
Putting my suggestions all together and in other words; I do not think there should be an 'opensuse' container, because there is no 'opensuse' distribution
opensuse/ is just a namespace - there isn't a home base container either just because you can pull registry.opensuse.org/home/foo/bar/baz. I'd say as long as there is a clear definition what each namespace means, it doesn't necessarily have to be uniform to "$base/$containername".
I think derivatives should reference their base container (eg tumbleweed/$foo) For Kubic specific containers the "kubic base container" should just be an alias/rebuild of the tumbleweed one under that different name.
Does all of this make sense and answer your question Fabian?
Yes and yes - but let's wait for some more opinions on this topic. Cheers, Fabian -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org