-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why can't both tag and digest mutually exist? #1657
Comments
@emalprokt thanks for reaching out! We've discussed this issue in the community meeting. Before moving on, just wonder if you're asking to support docker reference convention like: |
Hi @binbin-li , Currently, it's very difficult to know which image is deployed and cross-checking with the image repository can sometimes give very confusing results. |
Hi @binbin-li @susanshi , any thoughts? |
@emalprokt I did some investigation, seems docker/containerd support reference in format |
@binbin-li Something that exists as a reference throughout the lifetime of deployment of the image would be more helpful than a log. Maybe the mutator can add a label in the spec we're mutating to specify the tag that was mutated? |
@emalprokt Thanks for following up! If I'm understanding correctly, engineers who deployed an image may not have access to Ratify logs. In this case, the engineer does not know original tag of the deployed image. We bring this issue into the community discussion today, and agreed to support mutating a tag to tag@digest for debugging purpose. But it's better to have a configurable option to enable/disable it like how we enable/disable mutation feature. Since you're willing to implement it, could you post a brief proposal on user scenarios and how you plan to implement it, thanks! |
@binbin-li |
What happened in your environment?
Tag is removed from the image name if both tag and digest exists.
What did you expect to happen?
Why is the tag removed and only digest kept? Why can't both exist mutually? Is there a special reason as to why the tag is removed?
In a similar case with tags being mutated to digest; can't we keep both tags and digest in the name? The digest will be automatically used by K8s and the tag ignored. Keeping the tag makes it easy for devs to debug. Only having digests makes it harder during debugging, and only keeping digest doesn't seem to have any special benefit over having both?
What version of Kubernetes are you running?
No response
What version of Ratify are you running?
No response
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this bug fix?
The text was updated successfully, but these errors were encountered: