Categorygithub.com/google/go-containerregistrypkgv1remote
package
0.20.3
Repository: https://github.com/google/go-containerregistry.git
Documentation: pkg.go.dev
Versions
1
Dependencies
29
Dependents
650
Files
3.1k SLOC

# README

remote

GoDoc

The remote package implements a client for accessing a registry, per the OCI distribution spec.

It leans heavily on the lower level transport package, which handles the authentication handshake and structured errors.

Usage

package main

import (
	"github.com/google/go-containerregistry/pkg/authn"
	"github.com/google/go-containerregistry/pkg/name"
	"github.com/google/go-containerregistry/pkg/v1/remote"
)

func main() {
	ref, err := name.ParseReference("gcr.io/google-containers/pause")
	if err != nil {
		panic(err)
	}

	img, err := remote.Image(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))
	if err != nil {
		panic(err)
	}

	// do stuff with img
}

Structure

Background

There are a lot of confusingly similar terms that come up when talking about images in registries.

Anatomy of an image

In general...

  • A tag refers to an image manifest.
  • An image manifest references a config file and an orderered list of compressed layers by sha256 digest.
  • A config file references an ordered list of uncompressed layers by sha256 digest and contains runtime configuration.
  • The sha256 digest of the config file is the image id for the image.

For example, an image with two layers would look something like this:

image anatomy

Anatomy of an index

In the normal case, an index is used to represent a multi-platform image. This was the original use case for a manifest list.

image index anatomy

It is possible for an index to reference another index, per the OCI image-spec. In theory, both an image and image index can reference arbitrary things via descriptors, e.g. see the image layout example, which references an application/xml file from an image index.

That could look something like this:

strange image index anatomy

Using a recursive index like this might not be possible with all registries, but this flexibility allows for some interesting applications, e.g. the OCI Artifacts effort.

Anatomy of an image upload

The structure of an image requires a delicate ordering when uploading an image to a registry. Below is a (slightly simplified) figure that describes how an image is prepared for upload to a registry and how the data flows between various artifacts:

upload

Note that:

  • A config file references the uncompressed layer contents by sha256.
  • A manifest references the compressed layer contents by sha256 and the size of the layer.
  • A manifest references the config file contents by sha256 and the size of the file.

It follows that during an upload, we need to upload layers before the config file, and we need to upload the config file before the manifest.

Sometimes, we know all of this information ahead of time, (e.g. when copying from remote.Image), so the ordering is less important.

In other cases, e.g. when using a stream.Layer, we can't compute anything until we have already uploaded the layer, so we need to be careful about ordering.

Caveats

schema 1

This package does not support schema 1 images, see #377, however, it's possible to do something useful with them via remote.Get, which doesn't try to interpret what is returned by the registry.

crane.Copy takes advantage of this to implement support for copying schema 1 images, see here.

# Packages

Package transport provides facilities for setting up an authenticated http.RoundTripper given an Authenticator and base RoundTripper.

# Functions

Catalog calls /_catalog, returning the list of repositories on the registry.
CatalogPage calls /_catalog, returning the list of repositories on the registry.
CheckPushPermission returns an error if the given keychain cannot authorize a push operation to the given ref.
Delete removes the specified image reference from the remote registry.
Get returns a remote.Descriptor for the given reference.
Head returns a v1.Descriptor for the given reference by issuing a HEAD request.
Image provides access to a remote image reference.
Index provides access to a remote index reference.
Layer reads the given blob reference from a registry as a Layer.
List calls /tags/list for the given repository, returning the list of tags in the "tags" property.
ListWithContext calls List with the given context.
MultiWrite writes the given Images or ImageIndexes to the given refs, as efficiently as possible, by deduping shared layer blobs while uploading them in parallel.
Push uploads the given Taggable to the specified reference.
Put adds a manifest from the given Taggable via PUT /v1/.../manifest/<ref> Notable implementations of Taggable are v1.Image, v1.ImageIndex, and remote.Descriptor.
Referrers returns a list of descriptors that refer to the given manifest digest.
Reuse takes a Puller or Pusher and reuses it for remote interactions rather than starting from a clean slate.
Tag adds a tag to the given Taggable via PUT /v2/.../manifests/<tag> Notable implementations of Taggable are v1.Image, v1.ImageIndex, and remote.Descriptor.
WithAuth is a functional option for overriding the default authenticator for remote operations.
WithAuthFromKeychain is a functional option for overriding the default authenticator for remote operations, using an authn.Keychain to find credentials.
WithContext is a functional option for setting the context in http requests performed by a given function.
WithFilter sets the filter querystring for HTTP operations.
WithJobs is a functional option for setting the parallelism of remote operations performed by a given function.
WithNondistributable includes non-distributable (foreign) layers when writing images, see: https://github.com/opencontainers/image-spec/blob/master/layer.md#non-distributable-layers The default behaviour is to skip these layers.
WithPageSize sets the given size as the value of parameter 'n' in the request.
WithPlatform is a functional option for overriding the default platform that Image and Descriptor.Image use for resolving an index to an image.
WithProgress takes a channel that will receive progress updates as bytes are written.
WithRetryBackoff sets the httpBackoff for retry HTTP operations.
WithRetryPredicate sets the predicate for retry HTTP operations.
WithRetryStatusCodes sets which http response codes will be retried.
WithTransport is a functional option for overriding the default transport for remote operations.
WithUserAgent adds the given string to the User-Agent header for any HTTP requests.
Write pushes the provided img to the specified image reference.
WriteIndex pushes the provided ImageIndex to the specified image reference.
WriteLayer uploads the provided Layer to the specified repo.

# Variables

DefaultTransport is based on http.DefaultTransport with modifications documented inline below.
ErrSchema1 indicates that we received a schema1 manifest from the registry.

# Structs

Descriptor provides access to metadata about remote artifact and accessors for efficiently converting it into a v1.Image or v1.ImageIndex.
MountableLayer wraps a v1.Layer in a shim that enables the layer to be "mounted" when published to another registry.

# Interfaces

Taggable is an interface that enables a manifest PUT (e.g.

# Type aliases

Backoff is an alias of retry.Backoff to expose this configuration option to consumers of this lib.
Option is a functional option for remote operations.