Skip to content

Refactor image management to use transfer service #4583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Refactor image management to use transfer service #4583

wants to merge 3 commits into from

Conversation

@ChengyuZhu6
Copy link
Member

@ChengyuZhu6 ChengyuZhu6 commented Nov 5, 2025

Fixes: #4573

@ChengyuZhu6 ChengyuZhu6 force-pushed the transfer branch 2 times, most recently from 285c273 to 156a92a Compare November 5, 2025 15:51
AkihiroSuda
AkihiroSuda reviewed Nov 5, 2025
View reviewed changes
@AkihiroSuda AkihiroSuda added this to the v2.3.0 milestone Nov 6, 2025
@ChengyuZhu6 ChengyuZhu6 force-pushed the transfer branch 21 times, most recently from b5584fe to 18b0448 Compare November 14, 2025 03:54
@ChengyuZhu6 ChengyuZhu6 force-pushed the transfer branch 5 times, most recently from a49ea0a to f66db0d Compare November 23, 2025 14:43
@ChengyuZhu6
Copy link
Member Author

ChengyuZhu6 commented Nov 25, 2025
edited
Loading

Most image management operations now use the transfer service:

  • Standard image pull/push operations
  • Multi-platform image handling
  • Progress reporting and streaming
  • Basic registry authentication
  • Image import/export (load/save)

Limitations

Due to current transfer API constraints, the following features continue to use the legacy implementation:

1. IPFS Registry and Nondistributable Artifacts

Reason: The transfer service API does not support custom registry resolver implementations.

Affected features:

  • IPFS registry functionality (ipfs:// protocol)
  • Nondistributable artifact handling (e.g., Windows base layers)

Status: These features remain on the legacy resolver-based approach until the transfer API supports custom resolvers.

2. Containerd 1.7.x Compatibility Issue

Issue: When using containerd 1.7.x daemons, registry options like WithDefaultScheme("http") and WithHostDir() are silently ignored.

Technical details:

  • nerdctl uses containerd v2.2 client library which supports these options
  • Options are properly serialized into protobuf messages
  • However, containerd 1.7.x's UnmarshalAny() implementation doesn't process these fields
  • Only authorizer and headers are handled in 1.7.x

Impact:

  • Localhost registry operations may fail with: "http: server gave HTTP response to HTTPS client"
  • Custom hosts.toml configurations are not applied on 1.7.x

@ChengyuZhu6
Copy link
Member Author

ChengyuZhu6 commented Nov 25, 2025
edited
Loading

For limitation 2, there are two potential solutions:

  1. Implement containerd version detection in nerdctl to use different code paths;
  2. Backport to containerd 1.7.x

For limitation 1, there are two potential solutions:

  1. IPFS Registry and Nondistributable Artifacts remain on the legacy resolver-based approach.
  2. containerd transfer API supports custom resolvers

@ChengyuZhu6
Copy link
Member Author

ChengyuZhu6 commented Nov 25, 2025

@AkihiroSuda @ktock

@AkihiroSuda
Copy link
Member

AkihiroSuda commented Nov 26, 2025

Thanks @ChengyuZhu6

For limitation 2, there are two potential solutions:

  1. Implement containerd version detection in nerdctl to use different code paths;
  2. Backport to containerd 1.7.x

For limitation 1, there are two potential solutions:

  1. IPFS Registry and Nondistributable Artifacts remain on the legacy resolver-based approach.
  2. containerd transfer API supports custom resolvers

2 in the long term, 1 in the short term

@ChengyuZhu6
Refactor image management to use transfer service
c56346e 
Switch image operations to the transfer API with structured progress reporting
and improved TLS/HTTP fallback behavior. Introduce shared helpers for
credentials, error classification, progress rendering, and transfer-based
import/tag/save flows, updating tests to reflect the new UX.

Signed-off-by: ChengyuZhu6 <[email protected]>
@ChengyuZhu6
configure containerd config with remote snapshotter
9e786e7 
Add remote snapshot annotations and transfer unpack config
for stargz, soci, and fuse-overlayfs snapshotter plugins.

Signed-off-by: ChengyuZhu6 <[email protected]>
@ChengyuZhu6 ChengyuZhu6 marked this pull request as ready for review November 27, 2025 07:19
@ChengyuZhu6 ChengyuZhu6 force-pushed the transfer branch 6 times, most recently from 0694abb to f2e210d Compare November 27, 2025 10:38
@ChengyuZhu6
Support legacy push/pull for containerd 1.7.x
d3b9cab 
Add version detection to automatically select Transfer service (2.0+)
or legacy resolver methods (< 2.0) for better compatibility.

Signed-off-by: ChengyuZhu6 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda Awaiting requested review from AkihiroSuda

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v2.3.0

Development

Successfully merging this pull request may close these issues.

Refactor the image management code to use the Transfer service

2 participants

@ChengyuZhu6 @AkihiroSuda