chore: detect deprecated manifest v2 schema 1 (closes #2)
leogr committed Aug 28, 2019
1 parent ea314f6 commit 5408795
Showing 4 changed files with 14 additions and 4 deletions.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -183,6 +183,12 @@ First, Prometheus and Grafana need to be installed in your cluster.

Then it's easy to [create alerts](grafana#creating-alerts) using the provided [Grafana dashboard](grafana)

### Why my image cannot be signed? (manifest v2 schema 1)

The image manifest v2 schema 1 format is [deprecated](https://docs.docker.com/engine/deprecated/#pushing-and-pulling-with-image-manifest-v2-schema-1) in favor of the v2 schema 2 format.

Please, move to v2 schema 2 as soon as possible. Usually, you can fix that simply by pushing your image again on the registry.

### Cannot create resource "clusterrolebindings"

Recent versions of Kubernetes employ a [role-based access control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (or RBAC) system to drive authorization decisions. It might be possible that your account does not have enough privileges to create the `ClusterRole` needed to get cluster-wide access.
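Review bot: The new FAQ heading "Why my image cannot be signed? (manifest v2 schema 1)" is ungrammatical, and the entry never quotes the error a user will actually see. Suggest "Why can't my image be signed?" and include the message this commit returns from pkg/image/resolve.go, `image manifest v2 schema 1 is deprecated: <imageRef>`, so the entry can be found by searching for the error text. The sentence "Usually, you can fix that simply by pushing your image again" would also benefit from a word on the cases where re-pushing does not help.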
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -11,7 +11,7 @@ require (
github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8 // indirect
github.com/ethereum/go-ethereum v1.8.27 // indirect
github.com/golang/snappy v0.0.1 // indirect
github.com/google/go-containerregistry v0.0.0-20190531175139-2687bd5ba651
github.com/google/go-containerregistry v0.0.0-20190828024420-cba75e9e5208
github.com/google/uuid v1.1.1 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.9.3 // indirect
github.com/karalabe/hid v1.0.0 // indirect
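Review bot: The go-containerregistry requirement moves from one untagged pseudo-version (20190531175139-2687bd5ba651) to another (20190828024420-cba75e9e5208), and the commit message does not mention the bump. If this is what makes `remote.ErrSchema1` available to pkg/image/resolve.go, say so in the commit message, so that a later downgrade or bisect does not silently break the schema 1 check.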
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -125,8 +125,8 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-containerregistry v0.0.0-20190531175139-2687bd5ba651 h1:hYhlBjVCLlkgDMRa1wE1JB3ObGUj9OZjQu4b9xtythQ=
github.com/google/go-containerregistry v0.0.0-20190531175139-2687bd5ba651/go.mod h1:yZAFP63pRshzrEYLXLGPmUt0Ay+2zdjmMN1loCnRLUk=
github.com/google/go-containerregistry v0.0.0-20190828024420-cba75e9e5208 h1:zV89afNTuJnTLCRgAoID/cMykimhGLJu3y8G+1zexPw=
github.com/google/go-containerregistry v0.0.0-20190828024420-cba75e9e5208/go.mod h1:yZAFP63pRshzrEYLXLGPmUt0Ay+2zdjmMN1loCnRLUk=
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
6 changes: 5 additions & 1 deletion pkg/image/resolve.go
Expand Up @@ -38,6 +38,9 @@ func image(imageRef string, keychain authn.Keychain) (containerregistry.Image, e
func configDigest(imageRef string, keychain authn.Keychain) (string, error) {
img, err := image(imageRef, keychain)
if err != nil {
if _, ok := err.(*remote.ErrSchema1); ok {
return "", fmt.Errorf("image manifest v2 schema 1 is deprecated: %s", imageRef)
}
return "", fmt.Errorf("reading image %s: %v", imageRef, err)
}

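Review bot: In configDigest, the check `err.(*remote.ErrSchema1)` is a direct type assertion, so it only matches while image() returns the library error unwrapped; if wrapping is ever added there, this branch becomes dead and callers get the generic "reading image" message again. The new branch also drops `err` from the returned message, and none of the 4 changed files is a test. Suggest keeping the underlying error in the message (for example by appending `: %v` with err) and adding a test that passes a schema 1 error through configDigest.
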
Expand Down Expand Up @@ -69,7 +72,8 @@ func configDigest(imageRef string, keychain authn.Keychain) (string, error) {
//
// Note:
// - only sha256 digests are supported
// - Docker Manifest v1 is not yet supported, see:
// - Docker Manifest v2 Schema 1 is deprecated and not supported anymore, see:
// - https://docs.docker.com/engine/deprecated/#pushing-and-pulling-with-image-manifest-v2-schema-1
// https://github.com/google/go-containerregistry/blob/master/pkg/v1/remote/descriptor.go#L111
// https://github.com/google/go-containerregistry/issues/377
func Resolve(imageID string, keychain authn.Keychain) (string, error) {
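Review bot: In the Resolve doc comment, the new Docker deprecation URL is written as its own `// - https://...` bullet, while the two existing references are indented under "see:", so the Note list now appears to have three items. Indent it with the others. The descriptor.go link also points at `master` with a `#L111` line anchor, and this same commit bumps go-containerregistry, so the anchor can drift; link to the pinned commit instead.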