Chart
perses
Proposal
Hello,
Currently we cannot use digest to pin a specific version of an image in the chart because:
- The chart does not have a proper `digest` parameter
- If we give the digest in the `version` parameter to bypass this, it does not work because the digest will appear in the labels under `app.kubernetes.io/version` of kube resources (e.g. PVC, PV, Ingress, etc.)

Example:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: perses
  labels:
    helm.sh/chart: perses-0.21.0
    app.kubernetes.io/name: perses
    app.kubernetes.io/instance: perses
    app.kubernetes.io/version: v0.53.1@sha256:e34cc780037218dc21ce2d40114116567987058ae6631d264ab3eb7d9c5840d3
    app.kubernetes.io/part-of: perses
    app.kubernetes.io/managed-by: Helm
```

Leaving the following error while trying to apply the manifest:
"v0.53.1@sha256:e34cc780037218dc21ce2d40114116567987058ae6631d264ab3eb7d9c5840d3": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')]
Hence, I propose that we can have an additional parameter in the chart for both the `perses` image and the `sidecar` image so that we can define a custom `digest` that will not appear in the labels but that will be used for deployment.

It could be something like:
```yaml
image:
  # -- Perses image registry
  registry: docker.io
  # -- Perses image repository and name
  name: "persesdev/perses"
  # -- Overrides the image tag whose default is the chart appVersion.
  version: ""
  # -- Default image pull policy
  pullPolicy: IfNotPresent
  digest: ""

# [...]

sidecar:
  # -- Enable the sidecar container for ConfigMap provisioning
  enabled: false
  # -- List of usernames to bind to the Perses global-admin role when the sidecar is enabled
  globalAdminUsers: []
  image:
    # -- Container image registry for the sidecar
    registry: docker.io
    # -- Container image repository for the sidecar
    repository: kiwigrid/k8s-sidecar
    # -- Container image tag for the sidecar
    tag: 2.5.0
    digest: ""
```
Another solution would be to make modifications in the template so that the digest that we define in the `version` parameter does not appear in the app version label, to avoid generating a label that is too long.

Either way, I think it is important to be able to define a digest for safety purposes, so that we know a version that we use has not been compromised in the repository that we use.
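
The two options proposed above, sketched as Helm template helpers. This is an added example, not the Perses chart's own templates: the helper names `example.perses.image` and `example.perses.versionLabel` are hypothetical, and the value keys follow the `image.digest` layout suggested in the proposal.

```yaml
{{/*
Hypothetical helper: container image reference for Perses.
When .Values.image.digest is set (for example "sha256:<hex>"), the reference
becomes registry/name:tag@digest, so the runtime pulls by digest and the tag
stays only as a human-readable hint.
*/}}
{{- define "example.perses.image" -}}
{{- $repo := printf "%s/%s" .Values.image.registry .Values.image.name -}}
{{- $tag := .Values.image.version | default .Chart.AppVersion -}}
{{- if .Values.image.digest -}}
{{- printf "%s:%s@%s" $repo $tag .Values.image.digest -}}
{{- else -}}
{{- printf "%s:%s" $repo $tag -}}
{{- end -}}
{{- end -}}

{{/*
Hypothetical helper: value for the app.kubernetes.io/version label.
Drops anything from "@" onward, so a digest passed through the version
parameter never reaches the label, then trims to the 63-character limit
that Kubernetes enforces on label values.
*/}}
{{- define "example.perses.versionLabel" -}}
{{- $v := .Values.image.version | default .Chart.AppVersion -}}
{{- regexReplaceAll "@.*$" $v "" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/* Usage inside a template, shown as a comment so this file renders nothing:

  metadata:
    labels:
      app.kubernetes.io/version: {{ include "example.perses.versionLabel" . | quote }}
  spec:
    containers:
      - name: perses
        image: {{ include "example.perses.image" . | quote }}
*/}}
```

The sidecar image can follow the same pattern using `sidecar.image.repository`, `sidecar.image.tag` and `sidecar.image.digest`.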