Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow scaffold command to resolve sha256 from the latest tag and use that automatically #70

Open
rajatjindal opened this issue Mar 28, 2024 · 4 comments
Open

allow scaffold command to resolve sha256 from the latest tag and use that automatically #70

rajatjindal opened this issue Mar 28, 2024 · 4 comments

Comments

@rajatjindal
Copy link
Member

There is a request from a user to use latest tag for SpinKube artifacts and for that there is a desire to expose imagePullPolicy in the SpinApp CRD.

The mutable tags have been known for causing troubles and we want to evaluate if we can add an option to scaffold command to resolve the sha256 for latest tag using kube plugin, and use that in the SpinApp resource automatically.

This will ensure user can still continue to use latest tag, but from the cluster perspective, we will be using sha256.

This issue is to do a poc for this feature and see if it helps satisfy the user requirement.

The dev experience may look something like follows:

Notice, the version is ommitted from the --from my-image arg.

spin kube scaffold --from my-image
...
spec:
  # Image resolved from "latest" tag at 2024-03-28T08:54Z
  image: "my-image@sha256:..."
@rajatjindal rajatjindal mentioned this issue Mar 28, 2024
Open
@lann
Copy link

lann commented Mar 28, 2024
edited
Loading

In addition to the inline YAML comment I would maybe also emit a stderr notice to help with the common case of piping the output, e.g.

$ spin kube scaffold --from my-image
Note: No tag or digest specified; resolved "latest" tag to "sha256:abc...".

apiVersion: core.spinoperator.dev/v1alpha1
[...]
spec:
  # Image resolved from "latest" tag at 2024-03-28T08:54Z
  image: "my-image@sha256:abc..."

@lann
Copy link

lann commented Mar 28, 2024

It may also make sense to have something like a --resolve flag to turn on this behavior for other tags like :dev. I think the behavior could look something like:

  • If no tag or digest OR --resolve, resolve the tag (or latest) to a digest
  • If no tag or digest AND --resolve was not specified, print message to stderr
  • If the tag was resolved, include the yaml comment

@bacongobbler
Copy link
Collaborator

bacongobbler commented Apr 1, 2024
edited
Loading

I think the current thread assumes the image tag exists on the local machine. Does spin build && spin registry push bacongobbler/hello-rust:latest build and store bacongobbler/hello-rust:latest in the local image store? I wasn't sure if those commands put the "Spin image" into the local image store or just assembles the image and the tag on-the-fly.

@lann
Copy link

lann commented Apr 1, 2024

I was thinking this would fetch the digest from the registry, but that might have slightly wonky UX... 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lann @rajatjindal @bacongobbler