GoogleContainerTools
FR: setting OCI base image annotations
The OCI spec recently added specification for two new standard annotations, to facilitate pointing to a base image:
- org.opencontainers.image.base.digest Digest of the image this image is based on (string)
- This SHOULD be the immediate image sharing zero-indexed layers with the image, such as from a Dockerfile
FROMstatement.- This SHOULD NOT reference any other images used to generate the contents of the image (e.g., multi-stage Dockerfile builds).
- org.opencontainers.image.base.name Image reference of the image this image is based on (string)
- This SHOULD be image references in the format defined by distribution/distribution.
- This SHOULD be a fully qualified reference name, without any assumed default registry. (e.g.,
registry.example.com/my-org/my-image:taginstead ofmy-org/my-image:tag).- This SHOULD be the immediate image sharing zero-indexed layers with the image, such as from a Dockerfile
FROMstatement.- This SHOULD NOT reference any other images used to generate the contents of the image (e.g., multi-stage Dockerfile builds).
- If the
image.base.nameannotation is specified, theimage.base.digestannotation SHOULD be the digest of the manifest referenced by theimage.ref.nameannotation.
More details and further motivation here: https://articles.imjasonh.com/oci-base-image-annotations
I'd like to discuss and propose that kaniko set these annotations on images it produces by default, pointing to the ref and digest of the FROM image that produces the final built image. (note: this does not include any images implicated in multi-stage builds)
@imjasonh do you still recommend adding theses image annotations? Can you give any insights as to how this might help kaniko users or how OCI image annotations are being used currently? Thanks!
Are there any updates on this feature request? Label schema is marked as obsolete for OCI
The linkes issue greatly explains the need of this Feature. Is there a plan to implementiert this?
