1
0
This commit is contained in:
Wonderfall 2022-03-31 00:28:13 +02:00
parent 5b41a545e2
commit 9727d11738

View File

@ -35,7 +35,7 @@ Containers are made from images, and images are typically built from a Dockerfil
Images are what make containers, well, containers. Containers made from the same image should behave similary on different machines. Images can have **tags**, which are useful for software versioning. The usage of generic tags such as `latest` is often discouraged because it defeats the purpose of the expected behavior of the container. Tags are not necessarily immutable by design, and they shouldn't be (more on that below). **Digest**, however, is the attribute of an immutable image, and is often generated with the SHA-256 algorithm. Images are what make containers, well, containers. Containers made from the same image should behave similary on different machines. Images can have **tags**, which are useful for software versioning. The usage of generic tags such as `latest` is often discouraged because it defeats the purpose of the expected behavior of the container. Tags are not necessarily immutable by design, and they shouldn't be (more on that below). **Digest**, however, is the attribute of an immutable image, and is often generated with the SHA-256 algorithm.
Now onto why tags shouldn't be immutable: as written above, containers bring us an abstraction over the OS dependencies that are used by the packaged software. That is nice indeed, but this shouldn't lure us into into believing that we can forget security updates. The fact is, **there is still an OS to care about**, and we can't just think of the container as a simple package tool for software. Now onto why tags shouldn't be immutable: as written above, containers bring us an abstraction over the OS dependencies that are used by the packaged software. That is nice indeed, but this shouldn't lure us into believing that we can forget security updates. The fact is, **there is still an OS to care about**, and we can't just think of the container as a simple package tool for software.
For these reasons, good practices were established: For these reasons, good practices were established:
- An image should be as minimal as possible (Alpine Linux, or scratch/distroless). - An image should be as minimal as possible (Alpine Linux, or scratch/distroless).