[openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?
Fox, Kevin M
Kevin.Fox at pnnl.gov
Wed May 17 16:20:08 UTC 2017
What kolla's been discussing is having something like:
4.0.0-1, 4.0.0-2, 4.0.0-3, etc.
only keeping the most recent two. and then aliases for:
4.0.0 pointing to the newest.
This allows helm upgrade to atomically roll/forward back properly. If you drop releases, k8s can't properly do atomic upgrades. You will get inconsistent rollouts and will not know which containers are old and have the security issues. Knowing there is a newer -revision number also notifies you that you are running something old and need to update.
Thanks,
Kevin
________________________________________
From: Chris Dent [cdent+os at anticdent.org]
Sent: Wednesday, May 17, 2017 4:14 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?
On Wed, 17 May 2017, Thierry Carrez wrote:
> Back to container image world, if we refresh those images daily and they
> are not versioned or archived (basically you can only use the latest and
> can't really access past dailies), I think we'd be in a similar situation ?
Yes, this.
--
Chris Dent ┬──┬◡ノ(° -°ノ) https://anticdent.org/
freenode: cdent tw: @anticdent
More information about the OpenStack-dev
mailing list