-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for referring to images by digest #11341
Conversation
Add ability to refer to an image by repository name and digest using the format repository@digest. Works for pull, push, run, build, and rmi. Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
When images are being untagged, if a repo has no more tags, clear out the repo entry from the TagStore's Digests (just like what happens with the TagStore's Repositories). Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Add new `-d` flag to `docker images` to show name + digest. Exclude images referenced by digest from the dangling images list. Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Show <none> when listing images with digests that don't have them. Add list images integration tests. Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Add utils.ImageReference to return a string from a repo and a ref, where ref could either be a digest or a tag. Replace hard-coded repo + ":" + tag in places where tag could potentially be a digest. Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
These files are not properly gofmt'd: |
@GordonTheTurtle I don't know what you're talking about. Is it a specific commit that you're complaining about because the tip of the branch seems fine. @jfrazelle ^ is this guy serious? |
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
@jlhawn it looks like you changed the behavior so that it no longer stores the digest->id reference when pushing or pulling by tag. I've restored this in an additional commit: ncdc@a6df96e. |
Supersedes #11109 by @ncdc with implementation of #11109 (comment)
Overview
When I create a container, I may specify an image such as
mysql:latest
. When the image is pulled,latest
is resolved to a particular image at that point in time. If I later want to add more containers (e.g. possible read slaves in the MySQL case), all the new containers must use the exact same image as my first container. Using a tag isn't sufficient as the tag can be updated to point at a different image. We need a way to refer to images using immutable identifiers.With the v2 image format, image manifests have content-addressable, immutable digests. The v2 registry supports retrieving manifests by digest; this pull request adds the corresponding support to the Docker Core.
Digest reference format
We'll need to provide a means to reference an image by its digest. I'd like to propose the following format:
Supported commands
We'll need to make sure the following commands continue to work as they currently do, as well as with an optional digest:
docker build
docker pull
docker create
docker run
docker rmi
This list should eventually be comprehensive; anywhere you can refer to an image, you should be able to do so by digest. For the time being, the commands listed above should be sufficient for the use case listed in the overview.
docker images
If you pull an image from a v2 registry, the registry provides the image manifest's digest as a response header. If you pull by tag, you'll have both the tag and the digest. If you pull only by digest, you won't have the tag information. 1 question to resolve is how to display images, tags, digests, and v1 image IDs in the
docker images
command.It is possible (likely?) that a variety of code exists to scrape the output of
docker images
. If we change the format, e.g. by adding a new column, or overloading an existing column to sometimes show a v1 image ID vs a digest, we will probably break whatever code is out there doing the scraping. We need to determine how critical it is to retain the existing column and data formats in thedocker images
command.I have the following ideas regarding this output:
repository
,tag
,digest
, andimage id
repository
, for tag,digest
, andimage id
docker images
questionsDIGEST
column?docker images
- you won't see the image you just pulledQuestions
What about v1 registry support?
The v1 registry won't support this feature.
If I create an image locally via
docker tag
ordocker commit
, can I refer to it byname@digest
?As proposed in distribution/distribution#46, the registry is responsible for determining an image's digest and assigning it to the image. For an image that has not yet been pushed to a v2 registry, it may not be possible to refer to it by
name@digest
. This is unlikely to be a significant issue, as the use case forname@digest
is consistent deployments using images pulled from registries. Or, if the community thinks this should be supported, we can revisit what component(s) are responsible for calculating digests.Additional information
See #10740 for more backstory.
Todo: