From 527a1abc1ddeb0ff424fe65a34dd6dc028ca864a Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Tue, 22 Jul 2025 14:03:34 +0800 Subject: [PATCH] docs: fix nerdctl guest image command the image name is delivered via annotation than label in nerdctl >= 2.0 version. See the release note https://github.com/containerd/nerdctl/releases/tag/v2.0.0 and PR https://github.com/containerd/nerdctl/pull/2906 If an old version of nerdctl (< 2.0), --label will still work. Signed-off-by: Xynnn007 --- docs/design/kata-guest-image-management-design.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/design/kata-guest-image-management-design.md b/docs/design/kata-guest-image-management-design.md index a68a0db6ed..5155bff2e2 100644 --- a/docs/design/kata-guest-image-management-design.md +++ b/docs/design/kata-guest-image-management-design.md @@ -160,11 +160,14 @@ Next, the kata-agent's RPC module will handle the create container request which ## Using guest image pull with `nerdctl` -When running a workload, add the `--label io.kubernetes.cri.image-name=` option e.g.: +When running a workload, add the `--annotation io.kubernetes.cri.image-name=` option e.g.: ```sh -nerdctl run --runtime io.containerd.kata.v2 --snapshotter nydus --label io.kubernetes.cri.image-name=docker.io/library/busybox:latest --rm docker.io/library/busybox:latest uname -r +nerdctl run --runtime io.containerd.kata.v2 --snapshotter nydus --annotation io.kubernetes.cri.image-name=docker.io/library/busybox:latest --rm docker.io/library/busybox:latest uname -r ``` +> [!NOTE] +> The command above is for `nerdctl` >= `2.0`. If `nerdctl` is older than `2.0`, use `--label io.containerd.kata.v2.image-name=`. + References: 1. [[RFC] Image management proposal for hosting sharing and peer pods](https://github.com/confidential-containers/confidential-containers/issues/137) 2. https://github.com/containerd/containerd/blob/main/docs/content-flow.md