docs/_data/engine-cli-edge/docker_manifest.yaml

command: docker manifest
short: Manage Docker image manifests and manifest lists
long: "The `docker manifest` command by itself performs no action. In order to operate\non
  a manifest or manifest list, one of the subcommands must be used.\n\nA single manifest
  is information about an image, such as layers, size, and digest.\nThe docker manifest
  command also gives users additional information such as the os\nand architecture
  an image was built for.\n\nA manifest list is a list of image layers that is created
  by specifying one or\nmore (ideally more than one) image names. It can then be used
  in the same way as\nan image name in `docker pull` and `docker run` commands, for
  example.\n\nIdeally a manifest list is created from images that are identical in
  function for\ndifferent os/arch combinations. For this reason, manifest lists are
  often referred to as\n\"multi-arch images\". However, a user could create a manifest
  list that points\nto two images -- one for windows on amd64, and one for darwin
  on amd64.\n\n### manifest inspect\n\n```\nmanifest inspect --help\n\nUsage:  docker
  manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST\n\nDisplay an image manifest,
  or manifest list\n\nOptions:\n      --help       Print usage\n      --insecure   Allow
  communication with an insecure registry\n  -v, --verbose    Output additional info
  including layers and platform\n```\n\n### manifest create \n\n```bash\nUsage:  docker
  manifest create MANIFEST_LIST MANIFEST [MANIFEST...]\n\nCreate a local manifest
  list for annotating and pushing to a registry\n\nOptions:\n  -a, --amend      Amend
  an existing manifest list\n      --insecure   Allow communication with an insecure
  registry\n      --help       Print usage\n```\n\n### manifest annotate\n```bash\nUsage:
  \ docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST\n\nAdd additional information
  to a local image manifest\n\nOptions:\n      --arch string               Set architecture\n
  \     --help                      Print usage\n      --os string                 Set
  operating system\n      --os-features stringSlice   Set operating system feature\n
  \     --variant string            Set architecture variant\n\n```\n\n### manifest
  push\n```bash\nUsage:  docker manifest push [OPTIONS] MANIFEST_LIST\n\nPush a manifest
  list to a repository\n\nOptions:\n      --help       Print usage\n      --insecure
  \  Allow push to an insecure registry\n  -p, --purge      Remove the local manifest
  list after push\n```\n\n### Working with insecure registries\n\nThe manifest command
  interacts solely with a Docker registry. Because of this, it has no way to query
  the engine for the list of allowed insecure registries. To allow the CLI to interact
  with an insecure registry, some `docker manifest` commands have an `--insecure`
  flag. For each transaction, such as a `create`, which queries a registry, the `--insecure`
  flag must be specified. This flag tells the CLI that this registry call may ignore
  security concerns like missing or self-signed certificates. Likewise, on a `manifest
  push` to an insecure registry, the `--insecure` flag must be specified. If this
  is not used with an insecure registry, the manifest command fails to find a registry
  that meets the default requirements."
usage: docker manifest COMMAND
pname: docker
plink: docker.yaml
cname:
- docker manifest annotate
- docker manifest create
- docker manifest inspect
- docker manifest push
clink:
- docker_manifest_annotate.yaml
- docker_manifest_create.yaml
- docker_manifest_inspect.yaml
- docker_manifest_push.yaml
examples: "### Inspect an image's manifest object\n \n```bash\n$ docker manifest inspect
  hello-world\n{\n        \"schemaVersion\": 2,\n        \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n
  \       \"config\": {\n                \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n
  \               \"size\": 1520,\n                \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n
  \       },\n        \"layers\": [\n                {\n                        \"mediaType\":
  \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n                        \"size\":
  972,\n                        \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n
  \               }\n        ]\n}\n```\n\n### Inspect an image's manifest and get
  the os/arch info\n\nThe `docker manifest inspect` command takes an optional `--verbose`
  flag\nthat gives you the image's name (Ref), and architecture and os (Platform).\n\nJust
  as with other docker commands that take image names, you can refer to an image with
  or\nwithout a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).\n\nHere
  is an example of inspecting an image's manifest with the `--verbose` flag:\n\n```bash\n$
  docker manifest inspect --verbose hello-world\n{\n        \"Ref\": \"docker.io/library/hello-world:latest\",\n
  \       \"Digest\": \"sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f\",\n
  \       \"SchemaV2Manifest\": {\n                \"schemaVersion\": 2,\n                \"mediaType\":
  \"application/vnd.docker.distribution.manifest.v2+json\",\n                \"config\":
  {\n                        \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n
  \                       \"size\": 1520,\n                        \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n
  \               },\n                \"layers\": [\n                        {\n                                \"mediaType\":
  \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n                                \"size\":
  972,\n                                \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n
  \                       }\n                ]\n        },\n        \"Platform\":
  {\n                \"architecture\": \"amd64\",\n                \"os\": \"linux\"\n
  \       }\n}\n```\n\n### Create and push a manifest list\n\nTo create a manifest
  list, you first `create` the manifest list locally by specifying the constituent
  images you would\nlike to have included in your manifest list. Keep in mind that
  this is pushed to a registry, so if you want to push\nto a registry other than the
  docker registry, you need to create your manifest list with the registry name or
  IP and port.\nThis is similar to tagging an image and pushing it to a foreign registry.\n\nAfter
  you have created your local copy of the manifest list, you may optionally\n`annotate`
  it. Annotations allowed are the architecture and operating system (overriding the
  image's current values),\nos features, and an archictecure variant. \n\nFinally,
  you need to `push` your manifest list to the desired registry. Below are descriptions
  of these three commands,\nand an example putting them all together.\n\n```bash\n$
  docker manifest create 45.55.81.106:5000/coolapp:v1 \\\n    45.55.81.106:5000/coolapp-ppc64le-linux:v1
  \\\n    45.55.81.106:5000/coolapp-arm-linux:v1 \\\n    45.55.81.106:5000/coolapp-amd64-linux:v1
  \\\n    45.55.81.106:5000/coolapp-amd64-windows:v1\nCreated manifest list 45.55.81.106:5000/coolapp:v1\n```\n\n```bash\n$
  docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux
  --arch arm\n```\n\n```bash\n$ docker manifest push 45.55.81.106:5000/coolapp:v1\nPushed
  manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426
  with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\nPushed
  manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f
  with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\nPushed
  manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9
  with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\nPushed
  manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275
  with digest: sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\nsha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba\n\n```\n\n###
  Inspect a manifest list\n\n```bash\n$ docker manifest inspect coolapp:v1\n{\n   \"schemaVersion\":
  2,\n   \"mediaType\": \"application/vnd.docker.distribution.manifest.list.v2+json\",\n
  \  \"manifests\": [\n      {\n         \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n
  \        \"size\": 424,\n         \"digest\": \"sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\",\n
  \        \"platform\": {\n            \"architecture\": \"arm\",\n            \"os\":
  \"linux\"\n         }\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n
  \        \"size\": 424,\n         \"digest\": \"sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\",\n
  \        \"platform\": {\n            \"architecture\": \"amd64\",\n            \"os\":
  \"linux\"\n         }\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n
  \        \"size\": 425,\n         \"digest\": \"sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\",\n
  \        \"platform\": {\n            \"architecture\": \"ppc64le\",\n            \"os\":
  \"linux\"\n         }\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n
  \        \"size\": 425,\n         \"digest\": \"sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\",\n
  \        \"platform\": {\n            \"architecture\": \"s390x\",\n            \"os\":
  \"linux\"\n         }\n      }\n   ]\n}\n```\n\n### Push to an insecure registry\n\nHere
  is an example of creating and pushing a manifest list using a known insecure registry.\n\n```\n$
  docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0
  \\\n    myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \\\n    myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0
  \\\n    myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \\\n    myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0
  \\\n    myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \\\n    myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0\n```\n```\n$
  docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag\n```\n\nNote
  that the `--insecure` flag is not required to annotate a manifest list, since annotations
  are to a locally-stored copy of a manifest list. You may also skip the `--insecure`
  flag if you are performaing a `docker manifest inspect` on a locally-stored manifest
  list. Be sure to keep in mind that locally-stored manifest lists are never used
  by the engine on a `docker pull`."
deprecated: false
experimental: false
experimentalcli: true
kubernetes: false
swarm: false