Commit
Store digest of latest image in ImagePolicy status
The new API field `.status.latestDigest` in the `ImagePolicy` kind stores the digest of the image referred to by the `.status.latestImage` field. This new field can be used to pin an image to an immutable descriptor rather than to a potentially moving tag, increasing the security of workloads deployed on a cluster. The goal is to make use of the digest in IAC so that manifests can be updated with the actual image digest.

This commit changes the format of the data stored in the caching badger database from a list of strings to a list of `database.Tag` objects where each tag carries a tag name and a digest value.

`ImageRepositoryReconciler` now fetches the digest of each image+tag when it scans the registry for new tags. To accomplish this it issues a HEAD request against the registry for each tag with the response carrying the digest in the headers. Since this is a potentially expensive operation involving network roundtrips for each tag, a goroutine is spawned for each HEAD request to parallelize the fetching process.

Migration from the old database format to the new one is taken care of by the `badger.unmarshal` function which falls back to trying to unmarshal the data into a string slice in case the attempt to unmarshal it into a `database.Tag` slice fails. Subsequent `SetTags` calls then store the data in the new format.

Because of its potential to significantly increase the amount of network requests, the feature is disabled by default and can be enabled using a feature flag for now.

closes #214

Signed-off-by: Max Jonas Werner <[email protected]>
Max Jonas Werner committed Apr 6, 2023
1 parent 7a670e9
commit 79a1ed3
Showing 26 changed files with 598 additions and 253 deletions.
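
The format migration the commit message describes (try the new `database.Tag` slice, fall back to a string slice), as an added Go example that is not code from this commit. JSON encoding, the `Tag` field names, the `pinnedRef` helper and the sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Tag stands in for database.Tag: a tag name plus the digest it resolved to.
// The field names and JSON encoding are assumptions, not the project's code.
type Tag struct {
	Name   string `json:"name"`
	Digest string `json:"digest"`
}

// unmarshalTags tries the new []Tag format first and falls back to the legacy
// []string format. Legacy entries are returned with an empty Digest.
func unmarshalTags(raw []byte) ([]Tag, error) {
	var tags []Tag
	if err := json.Unmarshal(raw, &tags); err == nil {
		return tags, nil
	}
	var names []string
	if err := json.Unmarshal(raw, &names); err != nil {
		return nil, fmt.Errorf("value is neither tag objects nor strings: %w", err)
	}
	tags = make([]Tag, 0, len(names))
	for _, n := range names {
		tags = append(tags, Tag{Name: n})
	}
	return tags, nil
}

// pinnedRef (hypothetical helper) builds repo@digest and refuses entries that
// were migrated from the old format and have no digest recorded yet.
func pinnedRef(repo string, t Tag) (string, error) {
	if t.Digest == "" {
		return "", fmt.Errorf("tag %q has no digest; rescan before pinning", t.Name)
	}
	return repo + "@" + t.Digest, nil
}

func main() {
	digest := "sha256:" + strings.Repeat("a", 64) // constructed sample value
	for _, raw := range []string{`["v1.0.0"]`, `[{"name":"v1.1.0","digest":"` + digest + `"}]`} {
		tags, _ := unmarshalTags([]byte(raw))
		ref, err := pinnedRef("ghcr.io/example/app", tags[0]) // constructed repo
		fmt.Println(ref, err)
	}
}
```

Entries read through the fallback path carry no digest until the next scan rewrites them, so anything that pins by digest has to handle the empty case rather than emit a reference ending in `@`.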