Image Digest: The Immutable Image Identifier
An image digest is a unique fingerprint for a container image, guaranteeing you get the exact version you expect. Use it in production to pin an image, preventing unexpected updates from mutable tags like `:latest`. The footgun is assuming a tag is immutable.
An image digest is a unique, content-addressable fingerprint for a container image, guaranteeing you get the exact version you expect. Think of it as a git commit hash for your image's manifest. It's critical for production; specifying an image by its digest in a Kubernetes manifest ensures every deployment pulls the exact same bits, making builds reproducible. The footgun is relying on mutable tags like `v1.0`, which can be overwritten, leading to unpredictable deployments.
Read the original → github.com
- #containers
- #docker
- #kubernetes
- #oci
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.