-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support other OCI image sources in OCI launcher, via temp dir bundle. #1036
Labels
Milestone
Comments
17 tasks
dtrudg
added
enhancement
New feature or request
roadmap
Features / changes that are scheduled to be implemented
labels
Oct 10, 2022
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Nov 15, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs#1036
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Nov 15, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs#1036
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Nov 16, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs#1036
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Nov 16, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs#1036
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Dec 2, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Dec 2, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Dec 5, 2022
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Feb 9, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Feb 23, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Mar 31, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 16, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 4, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 11, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 21, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 24, 2023
When running containers in `--oci` mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e. * docker:// * docker-archive: * docker-daemon: * oci-archive: * oci: The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that: * Runs the process specified by CMD & ENTRYPOINT only. * Sets the environment specified by the image ENV only. The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in. The intent of the PR, at this stage, is simply to allow e.g. singularity run --oci docker://sylabsio/lolcow Closes sylabs/singularity#1036 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
In the OCI launcher flow, the launcher should be able to directly
run
from the following sources:This should be accomplished by setting up a temporary OCI bundle directory from the source image, which must be cleaned up when container execution completes.
A naive
config.json
will need to be setup. There is no support for arguments or options at this stage.The text was updated successfully, but these errors were encountered: