docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

desktop: update c8d image store description 

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson 2024-02-08 14:10:53 +01:00
parent 287cfd605e
commit bd4f1b99d1
1 changed files with 45 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

187
content/desktop/containerd.md
View File

@ -8,173 +8,76 @@ toc_max: 3
This page provides information about the ongoing integration of `containerd` for This page provides information about the ongoing integration of `containerd` for
image and file system management in the Docker Engine. image and file system management in the Docker Engine.
## What is the containerd image store? ## What is containerd?
`containerd` is a container runtime that manages the container lifecycle, and `containerd` is an abstraction of the low-level kernel features
provides image and filesystem management. It's a low-level building block, used to run and manage containers on a system.
designed to be integrated into other systems, such as Docker and Kubernetes. It's a platform used in container software like Docker and Kubernetes.
Docker Engine already uses `containerd` for container lifecycle management, which Docker Engine already uses `containerd` for container lifecycle management,
includes creating, starting, and stopping containers. This page describes the which includes creating, starting, and stopping containers.
next step of containerd integration for Docker Engine: the image store. This page describes the next step of the containerd integration for Docker:
the containerd image store.
The image store is the component responsible for pushing, pulling, and storing ## Image store
images. Integrating the containerd image store enables many new features in the
Docker Engine, including:
- containerd snapshotters, such as [stargz][1] for lazy-pulling images on startup, The image store is the component responsible for pushing, pulling,
and storing images on the filesystem.
The classic Docker image store is limited in the types of images that it supports.
For example, it doesn't support image indices, containing manifest lists.
When you create multi-platform images, for example,
the image index resolves all the platform-specific variants of the image.
An image index is also required when building images with attestations.
The containerd image store extends range of image types
that the Docker Engine can natively interact with.
While this is a low-level architectural change,
it's a prerequisite for unlocking a range of new use cases, including:
- [Build multi-platform images](#build-multi-platform-images) and images with attestations
- Support for using containerd snapshotters with unique characteristics,
such as [stargz][1] for lazy-pulling images on container startup,
or [nydus][2] and [dragonfly][3] for peer-to-peer image distribution. or [nydus][2] and [dragonfly][3] for peer-to-peer image distribution.
- Natively store and build multi-platform images, and other OCI content types
that may emerge in the future.
- Ability to run [Wasm](wasm.md) containers - Ability to run [Wasm](wasm.md) containers
[1]: https://github.com/containerd/stargz-snapshotter [1]: https://github.com/containerd/stargz-snapshotter
[2]: https://github.com/containerd/nydus-snapshotter [2]: https://github.com/containerd/nydus-snapshotter
[3]: https://github.com/dragonflyoss/image-service [3]: https://github.com/dragonflyoss/image-service
The image store integration is still at an early stage, so not all features are ## Enable the containerd image store
yet supported.
## Turn on the containerd image store feature After switching to the containerd image store,
images and containers in the classic image store won't be visible.
All of those containers and images still exist.
To see them again, turn off the containerd image store feature.
The containerd image store isn't turned on by default. To start using the The containerd image store isn't enabled by default.
feature: To enable the feature for Docker Desktop:
1. Navigate to **Settings**. 1. Navigate to **Settings** in Docker Desktop.
2. In the **General** tab, check **Use containerd for pulling and storing images**. 2. In the **General** tab, check **Use containerd for pulling and storing images**.
3. Select **Apply & Restart** 3. Select **Apply & Restart**.
To turn off this feature, clear the **Use containerd for pulling and storing To disable the containerd image store,
images** checkbox. clear the **Use containerd for pulling and storing images** checkbox.
> **Tip** ## Build multi-platform images
>
> After switching to the containerd image store, images and containers from the
> default image store won't be visible. All of those containers and images
> still exist. To see them again, turn off the containerd image store feature.
{ .tip }
## Building multi-platform images The term multi-platform image refers to a bundle of images for multiple different architectures.
The term multi-platform image refers to a bundle of images that can run on different architectures.
Out of the box, the default builder for Docker Desktop doesn't support building multi-platform images. Out of the box, the default builder for Docker Desktop doesn't support building multi-platform images.
```console ```console
$ docker buildx ls | grep "DRIVER\|*" $ docker build --platform=linux/amd64,linux/arm64 .
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default * docker
$ docker buildx build --platform=linux/amd64,linux/arm64 .
[+] Building 0.0s (0/0) [+] Building 0.0s (0/0)
ERROR: multiple platforms feature is currently not supported for docker driver. Please switch to a different driver (eg. "docker buildx create --use") ERROR: Multi-platform build is not supported for the docker driver.
Switch to a different driver, or turn on the containerd image store, and try again.
Learn more at https://docs.docker.com/go/build-multi-platform/
``` ```
Normally, building multi-platform images requires you to create a new builder, Enabling the containerd image store lets you build multi-platform images
using a driver that supports multi-platform builds. and load them to your local image store:
But even then, you can't load the multi-platform images to your local image store.
```console <script async id="asciicast-ZSUI4Mi2foChLjbevl2dxt5GD" src="https://asciinema.org/a/ZSUI4Mi2foChLjbevl2dxt5GD.js"></script>
$ docker buildx create --bootstrap
[+] Building 2.4s (1/1) FINISHED
=> [internal] booting buildkit
=> => pulling image moby/buildkit:buildx-stable-1
=> => creating container buildx_buildkit_objective_blackburn0
objective_blackburn
$ docker buildx build --quiet \
--platform=linux/amd64,linux/arm64 \
--builder=objective_blackburn \
--load .
ERROR: docker exporter does not currently support exporting manifest lists
```
Turning on the containerd image store lets you build, and load, multi-platform images
to your local image store, all while using the default builder.
```console
$ docker info --format="{{ .Driver }}"
stargz
$ docker buildx build \
--platform=linux/arm64,linux/amd64 \
--tag=user/containerd-multiplatform .
[+] Building 6.2s (11/11) FINISHED
...
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 115B 0.0s
=> [linux/arm64 internal] load metadata for docker.io/library/alpine:latest 2.0s
=> [linux/amd64 internal] load metadata for docker.io/library/alpine:latest 2.1s
=> [linux/amd64 1/1] FROM docker.io/library/alpine@sha256:124c7d2707904e... 0.0s
=> => resolve docker.io/library/alpine@sha256:124c7d2707904eea7431fffe91... 0.0s
=> [linux/arm64 1/1] FROM docker.io/library/alpine@sha256:124c7d2707904e... 0.0s
=> => resolve docker.io/library/alpine@sha256:124c7d2707904eea7431fffe91... 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
...
=> => naming to docker.io/user/containerd-multiplatform:latest 0.0s
=> => unpacking to docker.io/user/containerd-multiplatform:latest 0.0s
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
user/containerd-multiplatform latest 7401bb14c229 14 seconds ago 3.38MB
user/containerd-multiplatform latest 7401bb14c229 14 seconds ago 3.26MB
```
You can push the multi-platform image to Docker Hub.
```console
$ docker push user/containerd-multiplatform
Using default tag: latest
699c4e744ab4: Pushed
878d877e4f70: Pushed
f56be85fc22e: Pushed
a579f49700dc: Pushed
c41833b44d91: Pushed
ee79e74f9211: Pushed
d28bdb47b683: Pushed
```
Inspecting the tag on Docker Hub shows that the image is available for multiple platforms.
![Multiplatform image tag on Docker Hub](images/containerd_multiplatform.png)
## Known issues
### Docker Desktop 4.13.0 release
- Listing images with `docker images` returns the error
`content digest not found` on ARM machines after running or pulling an image
with the `--platform` parameter.
### Docker Desktop 4.12.0 release
- The containerd image store feature requires Buildx version 0.9.0 or newer.
- On Docker Desktop for Linux (DD4L), validate if your locally installed
version meets this requirement.
> **Note**
>
> If you're using an older version, the Docker daemon reports the following
> error:
> `Multiple platforms feature is currently not supported for docker driver.`
> `Please switch to a different driver`.
>
> Install a newer version of Buildx following the instructions on
> [how to manually download Buildx](../../build/architecture.md#install-buildx).
- In Docker Desktop 4.12.0, the containerd image store feature is incompatible
with the Kubernetes cluster support. Turn off the containerd image store
feature if you are using the Kubernetes from Docker Desktop.
- Local registry mirror configuration isn't implemented yet with the containerd
image store. The `registry-mirrors` and `insecure-registries` aren't taken
into account by the Docker daemon.
- The `reference` filter isn't implemented yet and will return the error
`invalid filter 'reference'` when listing images.
- Pulling an image may fail with the error
`pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed`,
in the situation where the image does not contain a manifest list. To
workaround this issue run the `docker login` command and pull the image again.
## Feedback ## Feedback