AWS ECR Manifest MediaType

[guimorg]

Actual behavior

We use gcr.io/kaniko-project/executor:debug to build images for a long time, usually, our base images are python slim images, which when inspected have their manifest mediaType as "mediaType": "application/vnd.oci.image.manifest.v1+json",.

We proceed to push the images built by kaniko to ECR and they remain annotated with "mediaType": "application/vnd.docker.distribution.manifest.v2+json".

Nevertheless, today we've noticed via some inconsistencies with unsupported mediaType that these same images when built had their mediaType pushed as OCI to our AWS ECR repository.

I am unsure if this is expected or not since we've had processes for a long time working like this where the manifest was pushed as Docker V2 and not OCI. I've made a simple test locally (with Docker, though) and the image is pushed as Docker V2, but when running kaniko on GitLab CI the images were pushed as OCI.

Expected behavior
A clear and concise description of what you expected to happen.

I've expected the same behavior from previous executions where images were pushed as Docker V2 manifest mediaType.

To Reproduce
Steps to reproduce the behavior:

1. Build kaniko image with command:

     /kaniko/executor
      --build-arg CI_REGISTRY="$CI_REGISTRY"
      --context $BUILD_CONTEXT
      --dockerfile $BUILD_DOCKERFILE_PATH
      --destination $CONTAINER_IMAGE_NAME:$CONTAINER_IMAGE_TAG

2. Check the docker manifest pushed to ECR:

docker manifest inspect <account>.dkr.ecr.<region>.amazonaws.com/<CONTAINER_IMAGE_NAME>:<CONTAINER_IMAGE_TAG>

Additional Information

• Dockerfile
  Please provide either the Dockerfile you're trying to build or one that can reproduce this error.

# Basic Slim Python Image
FROM python:3.11-slim

ENV PYTHONUNBUFFERED=TRUE
ENV PYTHONDONTWRITEBYTECODE=TRUE

ADD requirements.txt .

RUN python3 -m pip install -r requirements.txt && \
    rm -rf /root/.cache

COPY ./ /opt/

ENV PATH="/opt/:${PATH}"

RUN chmod +x /opt/*

EXPOSE 8080

• Build Context
  Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)

app.py   Dockerfile   requirements.txt

• Kaniko Image (fully qualified with digest)
  (internal image on ECR)

Triage Notes for the Maintainers

Description	Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile

[tanadeau]

Are there any updates on this?