add support for sha256 container image specifications #5233
What problem does this PR solve?
The operator doesn't work when the image spec includes a sha256 image reference.
For security reasons, I much prefer to use the sha256 method of retrieving container images, rather than tags. E.g., we want to do pingcap/tidb@sha256:deadbeef.... instead of pingcap/tidb:v7.1.0. However, this breaks the operator because the operator tests if it can set labels in https://github.com/pingcap/tidb-operator/blob/master/pkg/manager/member/tidb_member_manager.go#L1142 by checking if the version extracted from the container image spec is greater than v6.3.0. When I use the sha256 method of container image specification this code reports that we can't set labels and bails on all the code after that check.
This change makes it so that any valid sha256 is considered a greater version number than any other, similar to the logic for handling latest or nightly.
What is changed and how does it work?
The logic in the semantic version comparison is changed to support sha256 values. A value is considered a sha256 if hex.DecodeString returns no error and the length of the string is 64.
Code changes
Tests
Side effects
There's a potential that people are using 6.3.0 or earlier with sha256 container image specs.
Related changes
Release Notes
Please refer to Release Notes Language Style Guide before writing the release note.
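The version gate described under "What is changed and how does it work?", as an added Go example that is not the pull request's code. `imageVersion`, `parseVersion` and `atLeast` are hypothetical helpers, the three-part numeric comparison stands in for the operator's semantic-version library, and the digest in `main` is constructed.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// isSHA256 is the check from the description: hex-decodes cleanly and is 64 characters long.
func isSHA256(s string) bool {
	_, err := hex.DecodeString(s)
	return err == nil && len(s) == 64
}

// imageVersion (hypothetical) returns the digest hex, else the tag after the last "/", else "latest".
func imageVersion(image string) string {
	if _, digest, ok := strings.Cut(image, "@sha256:"); ok {
		return digest
	}
	if _, tag, ok := strings.Cut(image[strings.LastIndex(image, "/")+1:], ":"); ok {
		return tag
	}
	return "latest"
}

// parseVersion (hypothetical) reads "v7.1.0" as [7 1 0]; ok is false without three numeric parts.
func parseVersion(v string) (out [3]int, ok bool) {
	n, _ := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d.%d", &out[0], &out[1], &out[2])
	return out, n == 3
}

// atLeast (hypothetical) treats latest, nightly and any sha256 digest as newer than minVer.
func atLeast(image, minVer string) bool {
	v := imageVersion(image)
	if v == "latest" || v == "nightly" || isSHA256(v) {
		return true
	}
	have, okHave := parseVersion(v)
	want, okWant := parseVersion(minVer)
	for i := 0; okHave && okWant && i < 3; i++ {
		if have[i] != want[i] {
			return have[i] > want[i]
		}
	}
	return okHave && okWant
}

func main() {
	fmt.Println(atLeast("pingcap/tidb@sha256:"+strings.Repeat("0123456789abcdef", 4), "v6.3.0")) // constructed digest
}
```

Because a digest carries no version, every digest-pinned image passes the gate, including one older than the minimum, which is the side effect the description mentions.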