-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add versioned tags to dockerimage #33
Comments
It seems like a good idea. WDYT @yajo? |
It is a feature that is directly supported by Dockerhub, if you don't want to build a CI/CD. On Dockerhub you can directly build the git tags as docker tags. If you want any input or help I'll gladly provide it :) |
Agreed. It would be nice to have tagged versions, especially for something that's so security critical |
We don't use tags at the moment because there's no intention to maintain more than just 1 version of this image, and I wouldn't want to give the contrary sensation. This is not meant to be a inheritable haproxy solution with specific stuff for the docker proxy. Instead, it's intended to be just a no-brainer lock you put in front of the socket. I mean, the underlying proxy technology or version used should be irrelevant for our target users. We might even consider switching to a different proxy in the future if it is useful for something, as long as the behavior of the image remains the same. That said, if you care about pinning, you can use the image sha256 (which all images have, automatically). The most similar thing I'd approve as tags would be a date-based tag, but do you think it'd be really necessary given you can use sha256 for pinning? 🤔 |
@yajo I think maintaining only one version of the image is in no conflict with version tags for the image. This image is already updated when new versions of haproxy arrive. If one of these changes breaks something in my deployment it would be great to have a way back to the old version. Right now I have to build my own Dockerimage and then update haproxy myself. Also I think that using the sha256 hash is not a solution as automation solutions can not update between these as they can not know which one is the newer version. |
+1. It's not about maintaining multiple versions. It's about being able to pin to a specific version and be aware of a new release. Yes, you can use the hash, and you could even update by comparing to the hash of the It's the same reason we have Github releases. Sure, you could just reference commit hashes of a master/release branch, but versions are just convenient. There's also the matter of what happens if there's a bug? Maybe unlikely given the small size of the project, but if you're building every commit, and there's only one branch, I could easily get a bugged change, or exploitable HAProxy verison on an random |
Yes, I'm just curious about how recently the crowd is so worried about having updated, or versioned versions of this image. 🤔 My POV is that it shouldn't be that important what's the version, or even the proxy implementation behind this image. It's just a dumb thing you put in front of your socket and that does mostly "nothing" all the time (except if some unauthorized request lands, of course). According to that, I don't see a reason to maintain "versions". I mean, what's a "version" for this project? I'd see it more sensible to version it according to the docker API version than on the proxy itself, whose version should be meaningless for this project. Otherwise I think I'd just use a completely separate versioning system, unrelated to the haproxy version beneath. @joao-p-marques WDYT? |
Well, I agree that the concept of version from the point of view of the "product" is a bit unnecessary here or doesn't really apply. However, I think we wouldn't loose anything by having different versions pinned in docker images. Overall, I think it would be a nice improvement. With respect to the process of doing it, and to what @JanoschDeurer said:
We plan to migrate to GHCR in parallel with Docker Hub (see #34) so I think it would be better to integrate it directly in the CI in this project. |
OK, but then we should have some strategy regarding versions in code and images. Something like this:
|
This is exactly it. It's really just about having easily readable Docker image tags, rather than versioning the underlying "software". @yajo strategy goes above and beyond what I think is being requested, but if its practical, I think it is an even better way to go.
FWIW that is definitely what I would expect as far as versioning for the image. |
I'm using this container as a proxy for Traefik 2 too, and was surprised to not see versioned tags. Since I'm running a production workload, pinning a version is absolutely necessary. This is therefore missing critical for me. Thank you all for working on this:) |
Thank you @aendeavor 😃 |
Tagged images are added with #40 The structure will now be:
|
@joao-p-marques would you mind adding this information in the readme so that i can see it in docker hub? Also is |
Thanks for the warning, here it is: #53
Yes, by SEMVER standards, that is the case 👍 |
It would be great to have tags on the docker image so one can automatically detect and upgrade to a new version when one is available. This would be especially interesting when #32 is realized.
The text was updated successfully, but these errors were encountered: