github.com/khulnasoft/cli@v0.0.0-20240402070845-01bcad7beefa/docs/reference/commandline/manifest.md (about) 1 # manifest 2 3 <!---MARKER_GEN_START--> 4 5 The **docker manifest** command has subcommands for managing image manifests and 6 manifest lists. A manifest list allows you to use one name to refer to the same image 7 built for multiple architectures. 8 9 To see help for a subcommand, use: 10 11 docker manifest CMD --help 12 13 For full details on using docker manifest lists, see the registry v2 specification. 14 15 16 17 ### Subcommands 18 19 | Name | Description | 20 |:-----------------------------------|:----------------------------------------------------------------------| 21 | [`annotate`](manifest_annotate.md) | Add additional information to a local image manifest | 22 | [`create`](manifest_create.md) | Create a local manifest list for annotating and pushing to a registry | 23 | [`inspect`](manifest_inspect.md) | Display an image manifest, or manifest list | 24 | [`push`](manifest_push.md) | Push a manifest list to a repository | 25 | [`rm`](manifest_rm.md) | Delete one or more manifest lists from local storage | 26 27 28 29 <!---MARKER_GEN_END--> 30 31 ## Description 32 33 The `docker manifest` command by itself performs no action. In order to operate 34 on a manifest or manifest list, one of the subcommands must be used. 35 36 A single manifest is information about an image, such as layers, size, and 37 digest. The `docker manifest` command also gives you additional information, 38 such as the OS and architecture an image was built for. 39 40 A manifest list is a list of image layers that is created by specifying one or 41 more (ideally more than one) image names. It can then be used in the same way as 42 an image name in `docker pull` and `docker run` commands, for example. 43 44 Ideally a manifest list is created from images that are identical in function for 45 different os/arch combinations. For this reason, manifest lists are often referred 46 to as "multi-arch images". However, a user could create a manifest list that points 47 to two images -- one for Windows on AMD64, and one for Darwin on AMD64. 48 49 ### manifest inspect 50 51 ```console 52 $ docker manifest inspect --help 53 54 Usage: docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST 55 56 Display an image manifest, or manifest list 57 58 Options: 59 --help Print usage 60 --insecure Allow communication with an insecure registry 61 -v, --verbose Output additional info including layers and platform 62 ``` 63 64 ### manifest create 65 66 ```console 67 Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] 68 69 Create a local manifest list for annotating and pushing to a registry 70 71 Options: 72 -a, --amend Amend an existing manifest list 73 --insecure Allow communication with an insecure registry 74 --help Print usage 75 ``` 76 77 ### manifest annotate 78 79 ```console 80 Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST 81 82 Add additional information to a local image manifest 83 84 Options: 85 --arch string Set architecture 86 --help Print usage 87 --os string Set operating system 88 --os-version string Set operating system version 89 --os-features stringSlice Set operating system feature 90 --variant string Set architecture variant 91 92 ``` 93 94 ### manifest push 95 96 ```console 97 Usage: docker manifest push [OPTIONS] MANIFEST_LIST 98 99 Push a manifest list to a repository 100 101 Options: 102 --help Print usage 103 --insecure Allow push to an insecure registry 104 -p, --purge Remove the local manifest list after push 105 ``` 106 107 ### Working with insecure registries 108 109 The manifest command interacts solely with a registry. Because of this, 110 it has no way to query the engine for the list of allowed insecure registries. 111 To allow the CLI to interact with an insecure registry, some `docker manifest` 112 commands have an `--insecure` flag. For each transaction, such as a `create`, 113 which queries a registry, the `--insecure` flag must be specified. This flag 114 tells the CLI that this registry call may ignore security concerns like missing 115 or self-signed certificates. Likewise, on a `manifest push` to an insecure 116 registry, the `--insecure` flag must be specified. If this is not used with an 117 insecure registry, the manifest command fails to find a registry that meets the 118 default requirements. 119 120 ## Examples 121 122 ### Inspect an image's manifest object 123 124 ```console 125 $ docker manifest inspect hello-world 126 { 127 "schemaVersion": 2, 128 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 129 "config": { 130 "mediaType": "application/vnd.docker.container.image.v1+json", 131 "size": 1520, 132 "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57" 133 }, 134 "layers": [ 135 { 136 "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", 137 "size": 972, 138 "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28" 139 } 140 ] 141 } 142 ``` 143 144 ### Inspect an image's manifest and get the os/arch info 145 146 The `docker manifest inspect` command takes an optional `--verbose` flag that 147 gives you the image's name (Ref), as well as the architecture and OS (Platform). 148 149 Just as with other Docker commands that take image names, you can refer to an image with or 150 without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f`). 151 152 Here is an example of inspecting an image's manifest with the `--verbose` flag: 153 154 ```console 155 $ docker manifest inspect --verbose hello-world 156 { 157 "Ref": "docker.io/library/hello-world:latest", 158 "Digest": "sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f", 159 "SchemaV2Manifest": { 160 "schemaVersion": 2, 161 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 162 "config": { 163 "mediaType": "application/vnd.docker.container.image.v1+json", 164 "size": 1520, 165 "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57" 166 }, 167 "layers": [ 168 { 169 "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", 170 "size": 972, 171 "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28" 172 } 173 ] 174 }, 175 "Platform": { 176 "architecture": "amd64", 177 "os": "linux" 178 } 179 } 180 ``` 181 182 ### Create and push a manifest list 183 184 To create a manifest list, you first `create` the manifest list locally by 185 specifying the constituent images you would like to have included in your 186 manifest list. Keep in mind that this is pushed to a registry, so if you want to 187 push to a registry other than the docker registry, you need to create your 188 manifest list with the registry name or IP and port. 189 This is similar to tagging an image and pushing it to a foreign registry. 190 191 After you have created your local copy of the manifest list, you may optionally 192 `annotate` it. Annotations allowed are the architecture and operating system 193 (overriding the image's current values), os features, and an architecture variant. 194 195 Finally, you need to `push` your manifest list to the desired registry. Below are 196 descriptions of these three commands, and an example putting them all together. 197 198 ```console 199 $ docker manifest create 45.55.81.106:5000/coolapp:v1 \ 200 45.55.81.106:5000/coolapp-ppc64le-linux:v1 \ 201 45.55.81.106:5000/coolapp-arm-linux:v1 \ 202 45.55.81.106:5000/coolapp-amd64-linux:v1 \ 203 45.55.81.106:5000/coolapp-amd64-windows:v1 204 205 Created manifest list 45.55.81.106:5000/coolapp:v1 206 ``` 207 208 ```console 209 $ docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux --arch arm 210 ``` 211 212 ```console 213 $ docker manifest push 45.55.81.106:5000/coolapp:v1 214 Pushed manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b 215 Pushed manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a 216 Pushed manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9 with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8 217 Pushed manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275 with digest: sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62 218 sha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba 219 220 ``` 221 222 ### Inspect a manifest list 223 224 ```console 225 $ docker manifest inspect coolapp:v1 226 { 227 "schemaVersion": 2, 228 "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", 229 "manifests": [ 230 { 231 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 232 "size": 424, 233 "digest": "sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b", 234 "platform": { 235 "architecture": "arm", 236 "os": "linux" 237 } 238 }, 239 { 240 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 241 "size": 424, 242 "digest": "sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a", 243 "platform": { 244 "architecture": "amd64", 245 "os": "linux" 246 } 247 }, 248 { 249 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 250 "size": 425, 251 "digest": "sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8", 252 "platform": { 253 "architecture": "ppc64le", 254 "os": "linux" 255 } 256 }, 257 { 258 "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 259 "size": 425, 260 "digest": "sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62", 261 "platform": { 262 "architecture": "s390x", 263 "os": "linux" 264 } 265 } 266 ] 267 } 268 ``` 269 270 ### Push to an insecure registry 271 272 Here is an example of creating and pushing a manifest list using a known 273 insecure registry. 274 275 ```console 276 $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \ 277 myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \ 278 myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \ 279 myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \ 280 myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \ 281 myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \ 282 myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0 283 284 $ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag 285 ``` 286 287 > **Note** 288 > 289 > The `--insecure` flag is not required to annotate a manifest list, 290 > since annotations are to a locally-stored copy of a manifest list. You may also 291 > skip the `--insecure` flag if you are performing a `docker manifest inspect` 292 > on a locally-stored manifest list. Be sure to keep in mind that locally-stored 293 > manifest lists are never used by the engine on a `docker pull`.