table of contents
OC IMAGE(1) | June 2016 | OC IMAGE(1) |
NAME¶
oc image append - Add layers to images and push them to a registry
SYNOPSIS¶
oc image append [OPTIONS]
DESCRIPTION¶
Add layers to container images.
Modifies an existing image by adding layers or changing configuration and then pushes that image to a remote registry. Any inherited layers are streamed from registry to registry without being stored locally. The default docker credentials are used for authenticating to the registries.
Layers may be provided as arguments to the command and must each be a gzipped tar archive representing a filesystem overlay to the inherited images. The archive may contain a "whiteout" file (the prefix '.wh.' and the filename) which will hide files in the lower layers. All supported filesystem attributes present in the archive will be used as is.
Metadata about the image (the configuration passed to the container runtime) may be altered by passing a JSON string to the --image or --meta options. The --image flag changes what the container runtime sees, while the --meta option allows you to change the attributes of the image used by the runtime. Use --dry-run to see the result of your changes. You may add the --drop-history flag to remove information from the image about the system that built the base image.
Images in manifest list format with keep-manifest-list specified will automatically append layers to all sub manifests in the list unless filter-by-os is specified in which case the append will only happen for the filtered manifests while preserving the manifestlist. If keep-manifest-list is not specified, automatically select an image that matches the current operating system and architecture unless --filter-by-os is used to select a different image. These flags have no effect on regular images.
OPTIONS¶
--certificate-authority=""
The path to a certificate authority bundle to use when communicating with the
managed container image registries. If --insecure is used, this flag will be
ignored.
--created-at=""
The creation date for this image, in RFC3339 format or milliseconds from the
Unix epoch.
--dir=""
The directory on disk that file:// images will be copied under.
--drop-history=false
Fields on the image that relate to the history of how the image was created
will be removed.
--dry-run=false
Print the actions that would be taken and exit without writing to the
destination.
--filter-by-os=""
A regular expression to control which images are considered when multiple
variants are available. Images will be passed as
'<platform>/<architecture>[/<variant>]'.
--force=false
If set, the command will attempt to upload all layers instead of skipping
those that are already uploaded.
--from=""
The image to use as a base. If empty, a new scratch image is created.
--from-dir=""
The directory on disk that file:// images will be read from. Overrides
--dir
--image=""
A JSON patch that will be used with the output image data.
--insecure=false
Allow push and pull operations to registries to be made over HTTP
--keep-manifest-list=false
If an image is part of a manifest list, always append to each image in the
list. The default is to append to all images unless --filter-by-os is
passed.
--max-per-registry=4
Number of concurrent requests allowed per registry.
--meta=""
A JSON patch that will be used with image base metadata (advanced
config).
-a, --registry-config=""
Path to your registry credentials. Alternatively REGISTRY_AUTH_FILE env
variable can be also specified. Defaults to
${XDG_RUNTIME_DIR}/containers/auth.json, /run/containers/${UID}/auth.json,
${XDG_CONFIG_HOME}/containers/auth.json, ${DOCKER_CONFIG},
/.docker/config.json, /.dockercfg. The order can be changed
via the REGISTRY_AUTH_PREFERENCE env variable (deprecated) to a
"docker" value to prioritizes Docker credentials over
Podman's.
--skip-verification=false
Skip verifying the integrity of the retrieved content. This is not
recommended, but may be necessary when importing images from older image
registries. Only bypass verification if the registry is known to be
trustworthy.
--to=""
The Docker repository tag to upload the appended image to.
OPTIONS INHERITED FROM PARENT COMMANDS¶
--as=""
Username to impersonate for the operation. User could be a regular user or a
service account in a namespace.
--as-group=[]
Group to impersonate for the operation, this flag can be repeated to specify
multiple groups.
--as-uid=""
UID to impersonate for the operation.
--cache-dir="/home/abuild/.kube/cache"
Default cache directory
--client-certificate=""
Path to a client certificate file for TLS
--client-key=""
Path to a client key file for TLS
--cluster=""
The name of the kubeconfig cluster to use
--context=""
The name of the kubeconfig context to use
--disable-compression=false
If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will
make your HTTPS connections insecure
--kubeconfig=""
Path to the kubeconfig file to use for CLI requests.
--match-server-version=false
Require server version to match client version
-n, --namespace=""
If present, the namespace scope for this CLI request
--profile="none"
Name of profile to capture. One of
(none|cpu|heap|goroutine|threadcreate|block|mutex)
--profile-output="profile.pprof"
Name of the file to write the profile to
--request-timeout="0"
The length of time to wait before giving up on a single server request.
Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
A value of zero means don't timeout requests.
-s, --server=""
The address and port of the Kubernetes API server
--tls-server-name=""
Server name to use for server certificate validation. If it is not provided,
the hostname used to contact the server is used
--token=""
Bearer token for authentication to the API server
--user=""
The name of the kubeconfig user to use
--warnings-as-errors=false
Treat warnings received from the server as errors and exit with a non-zero
exit code
EXAMPLE¶
# Remove the entrypoint on the mysql:latest image
oc image append --from mysql:latest --to myregistry.com/myimage:latest --image '{"Entrypoint":null}'
# Add a new layer to the image
oc image append --from mysql:latest --to myregistry.com/myimage:latest layer.tar.gz
# Add a new layer to the image and store the result on disk
# This results in $(pwd)/v2/mysql/blobs,manifests
oc image append --from mysql:latest --to file://mysql:local layer.tar.gz
# Add a new layer to the image and store the result on disk in a designated directory
# This will result in $(pwd)/mysql-local/v2/mysql/blobs,manifests
oc image append --from mysql:latest --to file://mysql:local --dir mysql-local layer.tar.gz
# Add a new layer to an image that is stored on disk ( /mysql-local/v2/image exists)
oc image append --from-dir /mysql-local --to myregistry.com/myimage:latest layer.tar.gz
# Add a new layer to an image that was mirrored to the current directory on disk ($(pwd)/v2/image exists)
oc image append --from-dir v2 --to myregistry.com/myimage:latest layer.tar.gz
# Add a new layer to a multi-architecture image for an os/arch that is different from the system's os/arch
# Note: The first image in the manifest list that matches the filter will be returned when --keep-manifest-list is not specified
oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --to myregistry.com/myimage:latest layer.tar.gz
# Add a new layer to a multi-architecture image for all the os/arch manifests when keep-manifest-list is specified
oc image append --from docker.io/library/busybox:latest --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
# Add a new layer to a multi-architecture image for all the os/arch manifests that is specified by the filter, while preserving the manifestlist
oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
SEE ALSO¶
HISTORY¶
June 2016, Ported from the Kubernetes man-doc generator
Openshift CLI User Manuals | Openshift |