Skip to content

Commit 80c34d0

Browse files
gbartolinimnencia
andauthored
docs: mention digests support in imageName
To get deterministic and repeatable deployments, you can add the digests to the image name, through the `<image>:<tag>@sha256:<digestValue>` format. This will ensure that you deploy the exact same image manifest. Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
1 parent 3a81cbc commit 80c34d0

5 files changed

Lines changed: 10 additions & 4 deletions

File tree

api/v1/cluster_types.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,9 @@ type ClusterSpec struct {
7878
// Description of this PostgreSQL cluster
7979
Description string `json:"description,omitempty"`
8080

81-
// Name of the container image
81+
// Name of the container image, supporting both tags (`<image>:<tag>`)
82+
// and digests for deterministic and repeatable deployments
83+
// (`<image>:<tag>@sha256:<digestValue>`)
8284
ImageName string `json:"imageName,omitempty"`
8385

8486
// The UID of the `postgres` user inside the image, defaults to `26`

config/crd/bases/postgresql.k8s.enterprisedb.io_clusters.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -458,7 +458,8 @@ spec:
458458
type: object
459459
type: array
460460
imageName:
461-
description: Name of the container image
461+
description: Name of the container image, supporting both tags (`<image>:<tag>`)
462+
and digests for deterministic and repeatable deployments (`<image>:<tag>@sha256:<digestValue>`)
462463
type: string
463464
imagePullSecrets:
464465
description: The list of pull secrets to be used to pull the images

docs/src/api_reference.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -243,7 +243,7 @@ ClusterSpec defines the desired state of Cluster
243243
Name | Description | Type
244244
--------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------
245245
`description ` | Description of this PostgreSQL cluster | string
246-
`imageName ` | Name of the container image | string
246+
`imageName ` | Name of the container image, supporting both tags (`<image>:<tag>`) and digests for deterministic and repeatable deployments (`<image>:<tag>@sha256:<digestValue>`) | string
247247
`postgresUID ` | The UID of the `postgres` user inside the image, defaults to `26` | int64
248248
`postgresGID ` | The GID of the `postgres` user inside the image, defaults to `26` | int64
249249
`instances ` | Number of instances required in the cluster - *mandatory* | int32

docs/src/operator_capability_levels.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,8 @@ Community and published on Quay.io by EnterpriseDB.
5454
You can use any compatible image of PostgreSQL supporting the
5555
primary/standby architecture directly by setting the `imageName`
5656
attribute in the CR. The operator also supports `imagePullSecretsNames`
57-
to access private container registries.
57+
to access private container registries, as well as digests in addition to
58+
tags for finer control of container image immutability.
5859

5960
### Labels and annotations
6061

docs/src/quickstart.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -169,3 +169,5 @@ spec:
169169
Never use tags like `latest` or `13` in a production environment
170170
as it might lead to unpredictable scenarios in terms of update
171171
policies and version consistency in the cluster.
172+
For strict deterministic and repeatable deployments, you can add the digests
173+
to the image name, through the `<image>:<tag>@sha256:<digestValue>` format.

0 commit comments

Comments
 (0)