Handle image names with an image digest instead of a tag #885
Comments
|
Yeah we should bite the bullet and support image refs with digests. I don't know what we'll do about automation -- maybe ignore them? -- but we could certainly understand them at least. |
squaremo
changed the title
|
Any update on this? It still clutters the logs every 2-4 times per minute. |
|
I'd be happy to take a look at this, as I much prefer pinning my images with sha256 tags. Is there anything in particular that needs doing here aside from relaxing the regex? I see this issue has "blocked-design" and wonder what extra complexities in flux I may not be aware of that this could affect 😄 |
Lots of the code, especially automated updates, assumes it's dealing with image tags. That will have to be adapted, and how it's adapted needs some thinking through (-> "blocked-design"). |
|
@munnerz we need to think about what to do with digest references with respect to updates.
To summarize, if @squaremo agrees, I think this would entail:
|
|
@2opremio Yes I'd go along with that. It's not the absolute minimum that could be done (which is something like, parse images refs with digests but skip them when updating things), but perhaps the minimal satisfactory step to take. |
|
@2opremio , @squaremo eg: https://hub.docker.com/r/solsson/kafka-prometheus-jmx-exporter/tags So in the case of a workload annotated to receive upgrades you might want to upgrade only 1 of the containers of the pod. Would you accept a PR to remove the log error about not understanding the image tag? It's filling our logs with a lot of noise :( |
|
It might not be clear on my previous comment but on my comment "Remove the log error"... I meant by extending the regex, adding a special condition or any other approach without affecting the current Flux functionality |
|
I would much rather get a contribution implementing digest support (you have tips for how to this in my comment above) |
In some occasions the same tag can be assign to different images. Like for example the official Python images tagged with `3.7` or other projects which may not have a labeling strategy which only use label like `latest` or `master`. Using digests instead of labels ensures that you don't recieve unexpected updagrades More info about tags and digests can be found [here](https://success.docker.com/article/images-tagging-vs-digests) Fixes fluxcd#885
In some occasions the same tag can be assigned to different images. Like for example the official Python images tagged with `3.7` or other projects which may not have a labeling strategy which only uses a label like `latest` or `master`. Using digests instead of labels ensures that you don't receive unexpected upgrades More info about tags and digests can be found [here](https://success.docker.com/article/images-tagging-vs-digests) Fixes fluxcd#885
|
I think this is supported in Flux v1.22.0 and above. |
An image name like this:
gcr.io/decisive-cinema-167507/kube-cert-manager@sha256:4e79e70added5a2e95fb10bf9a63e4234395a3e047c9bf6a6c1131c383c9f04aWill cause an error like this:
This can probably be fixed by just adding more craziness to the regex, although it'll take me a little while to comprehend what is already there.
The text was updated successfully, but these errors were encountered: