oras 是处理 OCI
制品的实际工具,它将媒体类型视为拼图的关键部分,CNCF Sandbox 项目
介绍
什么是 OCI Registries
什么是 OCI Artifacts
- 长期以来(几乎从一开始),人们一直在使用/滥用 OCI 镜像仓库来存储非容器的东西
- 例如,可以把视频文件塞进 Docker 镜像中的一个层,然后把视频上传到 Docker Hub(千万别这么做)
- OCI Artifacts 项目试图定义一种有主见的方式,以便在不伪装成容器镜像的情况下,利用
OCI Registry
来处理任意Artifacts(制品) - 具体来说,OCI Image Manifests 有一个名为
config.mediaType
的必填字段。根据 OCI 工件提供的指南,该字段可用于区分不同类型的工件 - 使用此方法存储在
OCI Registry
的人工制品在此称为 OCI Artifacts
ORAS 介绍
ORAS
的工作原理与 docker 类似,它允许向(从) OCI Registry
推送(上传)和拉动(下载)内容,还能处理登录(身份验证)和令牌流(授权)- ORAS 的不同之处在于将重点从容器镜像转移到了其他类型的工件上
ORAS
正在发展成为通用制品存储中心。为了实现这一目标,ORAS 项目提供了一种将 OCI 制品推送到 OCI Registry
或从 OCI Registry
拉取 OCI 制品的方法。ORAS
是处理 OCI Artifacts
的实际工具,它将 媒体类型
视为拼图的关键部分,Container images(容器镜像)
永远不会被认为是有问题的人工制品- 默认情况下,使用 ORAS
推送工件时,config.mediaType
字段被设置为 unknown
application/vnd.unknown.config.v1+json
- 官方鼓励新使用
OCI Artifacts
的作者为其人工制品定义自己的特定媒体类型,他们的自定义客户端知道如何对其进行操作
官方提供两种使用方式:
安装 zot
- zot registry 是一个
OCI 原生容器注册中心(OCI-native container registry)
,用于分发容器映像和 OCI 工件 - 下面使用 docker 安装,更多安装方式参考
docker run -d -p 5001:5000 --name oras-quickstart ghcr.io/project-zot/zot-linux-amd64:latest
- 使用 oras 分发
OCI Artifacts
意味着将它们推送到注册中心,以便其他人可以提取使用
安装 oras cli
# Mac
brew install oras
# Linux
VERSION="1.1.0"
curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
mkdir -p oras-install/
tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
sudo mv oras-install/oras /usr/local/bin/
rm -rf oras_${VERSION}_*.tar.gz oras-install/
help
$ oras --help
Usage:
oras [command]
Available Commands:
attach [Preview] Attach files to an existing artifact
blob Blob operations
completion Generate the autocompletion script for the specified shell
cp Copy artifacts from one target to another
discover [Preview] Discover referrers of a manifest in a registry or an OCI image layout
help Help about any command
login Log in to a remote registry
logout Log out from a remote registry
manifest Manifest operations
pull Pull files from a registry or an OCI image layout
push Push files to a registry or an OCI image layout
repo Repository operations
resolve [Experimental] Resolves digest of the target artifact
tag Tag a manifest in a registry or an OCI image layout
version Show the oras version information
Flags:
-h, --help help for oras
Use "oras [command] --help" for more information about a command.
使用
echo "hello world" > artifact.txt
$ oras push --plain-http localhost:5001/hello-artifact:v1 \
--artifact-type application/vnd.acme.rocket.config \
artifact.txt:text/plain
✓ Uploaded artifact.txt 12/12 B 100.00% 12ms
└─ sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
✓ Uploaded application/vnd.oci.empty.v1+json 2/2 B 100.00% 12ms
└─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Uploaded application/vnd.oci.image.manifest.v1+json 562/562 B 100.00% 14ms
└─ sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
Pushed [registry] localhost:5001/hello-artifact:v1
ArtifactType: application/vnd.acme.rocket.config
Digest: sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
- 可以在 zot 查看 http://localhost:5001/
- 拉取制品(artifact)
$ oras pull localhost:5001/hello-artifact:v1
✓ Pulled artifact.txt 12/12 B 100.00% 576µs
└─ sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
✓ Pulled application/vnd.oci.image.manifest.v1+json 562/562 B 100.00% 1ms
└─ sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
Pulled [registry] localhost:5001/hello-artifact:v1
Digest: sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
# 1. Create a sample file
$ echo "hi world" > hi.txt
# 2. Attach the file
$ oras attach --artifact-type doc/example localhost:5001/hello-artifact:v1 hi.txt
✓ Exists application/vnd.oci.empty.v1+json 2/2 B 100.00% 0s
└─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Uploaded hi.txt 9/9 B 100.00% 13ms
└─ sha256:f29d1e5363d8637038591987b36d919d776f6e077a0b970b8e2919b7e04592b1
✓ Uploaded application/vnd.oci.image.manifest.v1+json 723/723 B 100.00% 9ms
└─ sha256:1ce65ebe56123010373366092e18d0d2a0371aeaaf40e0b0917968afb57d1ba7
Attached to [registry] localhost:5001/hello-artifact@sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
Digest: sha256:1ce65ebe56123010373366092e18d0d2a0371aeaaf40e0b0917968afb57d1ba7
# 3. View referrers
$ oras discover localhost:5001/hello-artifact:v1
localhost:5001/hello-artifact@sha256:752e5dd16792db0c3a2a553ebdb999f046edd1561941dfe27f1c0518a3747a3d
└── doc/example
└── sha256:1ce65ebe56123010373366092e18d0d2a0371aeaaf40e0b0917968afb57d1ba7