HiveBrain v1.2.0
Get Started
← Back to all entries
patterndockerMinor

Is it reliable to use Docker's hash as a mean to determine image's version between different platform

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
platformimagereliabledockerversionmeanhashdifferentbetweendetermine

Problem

Situation

I have a docker image on a Linux box. I push it onto a docker registry (AWS ECR).

Then, I use the image pushed onto that docker registry in a K8s pod.

Question

How do I know the docker image used for the K8s pod is the same as the one on the Linux box? Note that the tag is irrelevant. I set it to different things all the time.

Solution

Yes, you can use the repository digest for this. Note that while this is a hash of the container, it's a hash specific to the repository, and is NOT the image id, which is a separate sha256 hash.

Once you push or pull a docker container to/from a registry, it acquires some repository metadata, including the repository digest for that container. You can see that digest by running docker inspect and looking for the RepoDigests section of the json (or just pipe that command into jq '.[].RepoDigests' if you have it installed.

Now you can compare that with the docker pullable of the kubernetes pod you want to check by running this command:

kubectl get pod -o jsonpath='{.status.containerStatuses[*].imageID}'

If the hashes of both of those values match, then you can be sure they are running the same container.

Context

StackExchange DevOps Q#10073, answer score: 3

Revisions (0)

No revisions yet.