github.com/AliyunContainerService/cli@v0.0.0-20181009023821-814ced4b30d0/docs/reference/commandline/manifest.md (about)

     1  ---
     2  title: "manifest"
     3  description: "The manifest command description and usage"
     4  keywords: "docker, manifest"
     5  ---
     6  
     7  <!-- This file is maintained within the docker/cli Github
     8       repository at https://github.com/docker/cli/. Make all
     9       pull requests against that repo. If you see this file in
    10       another repository, consider it read-only there, as it will
    11       periodically be overwritten by the definitive file. Pull
    12       requests which include edits to this file in other repositories
    13       will be rejected.
    14  -->
    15  
    16  ```markdown
    17  Usage:  docker manifest COMMAND
    18  
    19  Manage Docker image manifests and manifest lists
    20  
    21  Options:
    22        --help   Print usage
    23  
    24  Commands:
    25    annotate    Add additional information to a local image manifest
    26    create      Create a local manifest list for annotating and pushing to a registry
    27    inspect     Display an image manifest, or manifest list
    28    push        Push a manifest list to a repository
    29  
    30  ```
    31  
    32  ## Description
    33  
    34  The `docker manifest` command by itself performs no action. In order to operate
    35  on a manifest or manifest list, one of the subcommands must be used.
    36  
    37  A single manifest is information about an image, such as layers, size, and digest.
    38  The docker manifest command also gives users additional information such as the os
    39  and architecture an image was built for.
    40  
    41  A manifest list is a list of image layers that is created by specifying one or
    42  more (ideally more than one) image names. It can then be used in the same way as
    43  an image name in `docker pull` and `docker run` commands, for example.
    44  
    45  Ideally a manifest list is created from images that are identical in function for
    46  different os/arch combinations. For this reason, manifest lists are often referred to as
    47  "multi-arch images". However, a user could create a manifest list that points
    48  to two images -- one for windows on amd64, and one for darwin on amd64.
    49  
    50  ### manifest inspect
    51  
    52  ```
    53  manifest inspect --help
    54  
    55  Usage:  docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST
    56  
    57  Display an image manifest, or manifest list
    58  
    59  Options:
    60        --help       Print usage
    61        --insecure   Allow communication with an insecure registry
    62    -v, --verbose    Output additional info including layers and platform
    63  ```
    64  
    65  ### manifest create 
    66  
    67  ```bash
    68  Usage:  docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
    69  
    70  Create a local manifest list for annotating and pushing to a registry
    71  
    72  Options:
    73    -a, --amend      Amend an existing manifest list
    74        --insecure   Allow communication with an insecure registry
    75        --help       Print usage
    76  ```
    77  
    78  ### manifest annotate
    79  ```bash
    80  Usage:  docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
    81  
    82  Add additional information to a local image manifest
    83  
    84  Options:
    85        --arch string               Set architecture
    86        --help                      Print usage
    87        --os string                 Set operating system
    88        --os-features stringSlice   Set operating system feature
    89        --variant string            Set architecture variant
    90  
    91  ```
    92  
    93  ### manifest push
    94  ```bash
    95  Usage:  docker manifest push [OPTIONS] MANIFEST_LIST
    96  
    97  Push a manifest list to a repository
    98  
    99  Options:
   100        --help       Print usage
   101        --insecure   Allow push to an insecure registry
   102    -p, --purge      Remove the local manifest list after push
   103  ```
   104  
   105  ### Working with insecure registries
   106  
   107  The manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements.
   108  
   109  ## Examples
   110  
   111  ### Inspect an image's manifest object
   112   
   113  ```bash
   114  $ docker manifest inspect hello-world
   115  {
   116          "schemaVersion": 2,
   117          "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   118          "config": {
   119                  "mediaType": "application/vnd.docker.container.image.v1+json",
   120                  "size": 1520,
   121                  "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57"
   122          },
   123          "layers": [
   124                  {
   125                          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
   126                          "size": 972,
   127                          "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28"
   128                  }
   129          ]
   130  }
   131  ```
   132  
   133  ### Inspect an image's manifest and get the os/arch info
   134  
   135  The `docker manifest inspect` command takes an optional `--verbose` flag
   136  that gives you the image's name (Ref), and architecture and os (Platform).
   137  
   138  Just as with other docker commands that take image names, you can refer to an image with or
   139  without a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).
   140  
   141  Here is an example of inspecting an image's manifest with the `--verbose` flag:
   142  
   143  ```bash
   144  $ docker manifest inspect --verbose hello-world
   145  {
   146          "Ref": "docker.io/library/hello-world:latest",
   147          "Digest": "sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f",
   148          "SchemaV2Manifest": {
   149                  "schemaVersion": 2,
   150                  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   151                  "config": {
   152                          "mediaType": "application/vnd.docker.container.image.v1+json",
   153                          "size": 1520,
   154                          "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57"
   155                  },
   156                  "layers": [
   157                          {
   158                                  "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
   159                                  "size": 972,
   160                                  "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28"
   161                          }
   162                  ]
   163          },
   164          "Platform": {
   165                  "architecture": "amd64",
   166                  "os": "linux"
   167          }
   168  }
   169  ```
   170  
   171  ### Create and push a manifest list
   172  
   173  To create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would
   174  like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push
   175  to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port.
   176  This is similar to tagging an image and pushing it to a foreign registry.
   177  
   178  After you have created your local copy of the manifest list, you may optionally
   179  `annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values),
   180  os features, and an archictecure variant. 
   181  
   182  Finally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands,
   183  and an example putting them all together.
   184  
   185  ```bash
   186  $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
   187      45.55.81.106:5000/coolapp-ppc64le-linux:v1 \
   188      45.55.81.106:5000/coolapp-arm-linux:v1 \
   189      45.55.81.106:5000/coolapp-amd64-linux:v1 \
   190      45.55.81.106:5000/coolapp-amd64-windows:v1
   191  Created manifest list 45.55.81.106:5000/coolapp:v1
   192  ```
   193  
   194  ```bash
   195  $ docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux --arch arm
   196  ```
   197  
   198  ```bash
   199  $ docker manifest push 45.55.81.106:5000/coolapp:v1
   200  Pushed manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b
   201  Pushed manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a
   202  Pushed manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9 with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8
   203  Pushed manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275 with digest: sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62
   204  sha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba
   205  
   206  ```
   207  
   208  ### Inspect a manifest list
   209  
   210  ```bash
   211  $ docker manifest inspect coolapp:v1
   212  {
   213     "schemaVersion": 2,
   214     "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   215     "manifests": [
   216        {
   217           "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   218           "size": 424,
   219           "digest": "sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b",
   220           "platform": {
   221              "architecture": "arm",
   222              "os": "linux"
   223           }
   224        },
   225        {
   226           "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   227           "size": 424,
   228           "digest": "sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a",
   229           "platform": {
   230              "architecture": "amd64",
   231              "os": "linux"
   232           }
   233        },
   234        {
   235           "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   236           "size": 425,
   237           "digest": "sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8",
   238           "platform": {
   239              "architecture": "ppc64le",
   240              "os": "linux"
   241           }
   242        },
   243        {
   244           "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   245           "size": 425,
   246           "digest": "sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62",
   247           "platform": {
   248              "architecture": "s390x",
   249              "os": "linux"
   250           }
   251        }
   252     ]
   253  }
   254  ```
   255  
   256  ### Push to an insecure registry
   257  
   258  Here is an example of creating and pushing a manifest list using a known insecure registry.
   259  
   260  ```
   261  $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
   262      myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
   263      myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
   264      myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \
   265      myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \
   266      myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \
   267      myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0
   268  ```
   269  ```
   270  $ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag
   271  ```
   272  
   273  Note that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performaing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`.
   274