-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Detect image ID changes when determining whether or not to update #498
Comments
There is an option for releasing new config:
but it doesn't do what you'd want, because Kubernetes won't in general restart pods if nothing has (textually) changed. |
We can in principle compare layer IDs to detect if the image to which the tag refers is different; but again, in the absence of a textual change, Kubernetes won't treat it as a change. 😞 |
Actually, I think it'd be nice if we looked up the ID and inserted that in the manifest. Please note that tag can be preserved too, so the diff will remain readable, yet it would be strongly bound to the content. Here is a example of a diff:
However, my test so far surfaced one issue, the tag (in my case
still runs the same image, as specified by the ID, so the tag is effectively a comment. Despite this, I think this notation is still useful, as user really doesn't have a capability to lookup the ID, otherwise we can insert a comment at the end of the line specifying the tag name. I think Flux is rather well positioned to help user leverage immutable image IDs, and right now one can say that git is not source of truth as they can push whatever image under the same tag in the registry. Using image IDs sounds like a better defence on that front. And by the way, Kubernetes already started using IDs internally (see output of |
Actually, I've just re-checked this and it adds |
Also #909 is related to the general topic of using SHA256 digests. |
Because kubernetes won't change anything when reapplying a manifest as @squaremo said, the behaviour requested here is essentially
In general it's not recommended to push a different image to the same tag (I would argue the decision to allow that was a mistake), but if that's really what a user wants they can use |
@squaremo any chance we can consider allowing this? We have a use case where we would like to keep pushing image updates to the same image tag, but flux won't automatically detect this as a change since the tag is the same. |
When you push up a new image with the same tag(s), Flux does not allow you to deploy that image.
This situation arose when trying to re-build our internal
ui-server
image with new changes to Scope. Our specific workflow looks like this:service-ui
, which will pull in the latest Scope source and re-build the bundleservice-ui
does not have new commits, but it's dependency has changed, so a newui-server
image is builtui-server
image is pushed but still has both the same:latest
and the:master-{commit sha}
tags as the previous buildI think this will be a problem that a lot of users will run into, particularly at the beginning of the adoption of containers and/or kubernetes. While it might be a best-practice to incorporate commit hashes with container image tags (and treat tags as immutable), I don't believe we should enforce that opinion and potentially alienate users who haven't adopted that process yet. In the above scenario, I had a very simple use case of "I want my latest image deployed to staging so I can test it".
One simple solution would be to allow users to release a service, even when no changes are detected. I assume this would fetch the new container image and restart the pod, which would give the desired result.
The text was updated successfully, but these errors were encountered: