Would people be open to a PR that adds support for specifying the shasum of a docker image in additi...

elegant-australia-91422

04/19/2022, 2:52 PM

Would people be open to a PR that adds support for specifying the shasum of a docker image in addition to the tag? Seems like a pretty minor change to

flytekit

that'd enable specifying images like `docker.io/my-image@sha256:...`/is helpful to ensure that a specific workflow is locked to an exact image. Happy to make the PR later this week.

thankful-minister-83577

04/19/2022, 3:58 PM

cc @high-park-82026

thankful-minister-83577

04/19/2022, 3:58 PM

i feel like this is something we’ve discussed in the past.

thankful-minister-83577

04/19/2022, 3:59 PM

more from a security standpoint than anything else but yeah this is why we some users will just set the image to the git sha

elegant-australia-91422

04/19/2022, 6:43 PM

Yeah that too. I tried this on the most recent version of

flytekit

and the image specified w/ the shasum failed a parsing step (looks like the regex is only looking for

tag

). This is a pretty important feature for us since it's how we ensure dependency compatibility between a workflow & the corresponding container image in our existing Argo setup.

high-park-82026

04/20/2022, 6:17 AM

Yes, @elegant-australia-91422 that sounds like a great step… as Yee said, we’ve discussed this in the past but never got around to supporting it… Thank you!

165 Views

Open in Slack

Previous Next

Flyte

Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.