command: docker manifest short: Manage Docker image manifests and manifest lists long: "The `docker manifest` command by itself performs no action. In order to operate\non a manifest or manifest list, one of the subcommands must be used.\n\nA single manifest is information about an image, such as layers, size, and digest.\nThe docker manifest command also gives users additional information such as the os\nand architecture an image was built for.\n\nA manifest list is a list of image layers that is created by specifying one or\nmore (ideally more than one) image names. It can then be used in the same way as\nan image name in `docker pull` and `docker run` commands, for example.\n\nIdeally a manifest list is created from images that are identical in function for\ndifferent os/arch combinations. For this reason, manifest lists are often referred to as\n\"multi-arch images\". However, a user could create a manifest list that points\nto two images -- one for windows on amd64, and one for darwin on amd64.\n\n### manifest inspect\n\n```\nmanifest inspect --help\n\nUsage: docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST\n\nDisplay an image manifest, or manifest list\n\nOptions:\n --help Print usage\n --insecure Allow communication with an insecure registry\n -v, --verbose Output additional info including layers and platform\n```\n\n### manifest create \n\n```bash\nUsage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]\n\nCreate a local manifest list for annotating and pushing to a registry\n\nOptions:\n -a, --amend Amend an existing manifest list\n --insecure Allow communication with an insecure registry\n --help Print usage\n```\n\n### manifest annotate\n```bash\nUsage: \ docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST\n\nAdd additional information to a local image manifest\n\nOptions:\n --arch string Set architecture\n \ --help Print usage\n --os string Set operating system\n --os-features stringSlice Set operating system feature\n \ --variant string Set architecture variant\n\n```\n\n### manifest push\n```bash\nUsage: docker manifest push [OPTIONS] MANIFEST_LIST\n\nPush a manifest list to a repository\n\nOptions:\n --help Print usage\n --insecure \ Allow push to an insecure registry\n -p, --purge Remove the local manifest list after push\n```\n\n### Working with insecure registries\n\nThe manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements." usage: docker manifest COMMAND pname: docker plink: docker.yaml cname: - docker manifest annotate - docker manifest create - docker manifest inspect - docker manifest push clink: - docker_manifest_annotate.yaml - docker_manifest_create.yaml - docker_manifest_inspect.yaml - docker_manifest_push.yaml examples: "### Inspect an image's manifest object\n \n```bash\n$ docker manifest inspect hello-world\n{\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \ \"config\": {\n \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n \ \"size\": 1520,\n \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n \ },\n \"layers\": [\n {\n \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": 972,\n \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n \ }\n ]\n}\n```\n\n### Inspect an image's manifest and get the os/arch info\n\nThe `docker manifest inspect` command takes an optional `--verbose` flag\nthat gives you the image's name (Ref), and architecture and os (Platform).\n\nJust as with other docker commands that take image names, you can refer to an image with or\nwithout a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).\n\nHere is an example of inspecting an image's manifest with the `--verbose` flag:\n\n```bash\n$ docker manifest inspect --verbose hello-world\n{\n \"Ref\": \"docker.io/library/hello-world:latest\",\n \ \"Digest\": \"sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f\",\n \ \"SchemaV2Manifest\": {\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \"config\": {\n \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n \ \"size\": 1520,\n \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n \ },\n \"layers\": [\n {\n \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": 972,\n \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n \ }\n ]\n },\n \"Platform\": {\n \"architecture\": \"amd64\",\n \"os\": \"linux\"\n \ }\n}\n```\n\n### Create and push a manifest list\n\nTo create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would\nlike to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push\nto a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port.\nThis is similar to tagging an image and pushing it to a foreign registry.\n\nAfter you have created your local copy of the manifest list, you may optionally\n`annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values),\nos features, and an archictecure variant. \n\nFinally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands,\nand an example putting them all together.\n\n```bash\n$ docker manifest create 45.55.81.106:5000/coolapp:v1 \\\n 45.55.81.106:5000/coolapp-ppc64le-linux:v1 \\\n 45.55.81.106:5000/coolapp-arm-linux:v1 \\\n 45.55.81.106:5000/coolapp-amd64-linux:v1 \\\n 45.55.81.106:5000/coolapp-amd64-windows:v1\nCreated manifest list 45.55.81.106:5000/coolapp:v1\n```\n\n```bash\n$ docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux --arch arm\n```\n\n```bash\n$ docker manifest push 45.55.81.106:5000/coolapp:v1\nPushed manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\nPushed manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\nPushed manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9 with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\nPushed manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275 with digest: sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\nsha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba\n\n```\n\n### Inspect a manifest list\n\n```bash\n$ docker manifest inspect coolapp:v1\n{\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.list.v2+json\",\n \ \"manifests\": [\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \ \"size\": 424,\n \"digest\": \"sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\",\n \ \"platform\": {\n \"architecture\": \"arm\",\n \"os\": \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \ \"size\": 424,\n \"digest\": \"sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\",\n \ \"platform\": {\n \"architecture\": \"amd64\",\n \"os\": \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \ \"size\": 425,\n \"digest\": \"sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\",\n \ \"platform\": {\n \"architecture\": \"ppc64le\",\n \"os\": \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \ \"size\": 425,\n \"digest\": \"sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\",\n \ \"platform\": {\n \"architecture\": \"s390x\",\n \"os\": \"linux\"\n }\n }\n ]\n}\n```\n\n### Push to an insecure registry\n\nHere is an example of creating and pushing a manifest list using a known insecure registry.\n\n```\n$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \\\n myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0\n```\n```\n$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag\n```\n\nNote that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performaing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`." deprecated: false experimental: false experimentalcli: true kubernetes: false swarm: false