Open
Description
You sometimes want to use the digest of an image, rather than the tag; e.g., if you are interested in exactly reproducible builds.
For that reason, it'd be useful to supply the digest of an image selected by a policy object, as well as its tag, in the status. The digest appears to be available via https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote#Head (but if not, Get
in the same place). This has to be done per tags, so while we don't need metadata for sorting/selecting, the policy controller can just fetch it for those images it selects.
Activity
barrydobson commentedon Jan 26, 2021
I'd like to see this feature added too.
My use case would be that when using a tool such as Bazel to release from mono-repos, it's not really possible to use semver, as it would cause all of the services to be deployed every time a change was made. Instead I want to use timestamps as image tags, and the sha of the image in the deployments. This way I can use the alphabetical rule in the image policy, and set the sha. If the sha hasn't changed, Kubernetes won't deploy the app.