validate: warn about using non-tagged latest images
See original GitHub issueIf a given user uses a certain image username/myanalysisimage
always pointing to latest
we will face the following problem:
- The user will run the workflow once and REANA will pull
username/myanalysisimage:latest
with the hash4ac0e1872789
- The user realizes that there is something wrong in the image resulting in an error
- The user fixes it and builds a new image
username/myanalysisimage:latest
which is in reality a new image with hash879952dab949
- REANA, when it creates a Kubernetes job, does not set an image pull policy so it falls back to the default
IfNotPresent
- This means that, if the user job is allocated in a node where
username/myanalysisimage:latest
with hash4ac0e1872789
is present, the new879952dab949
won’t be pulled
- This means that, if the user job is allocated in a node where
- The user will expect to have the new image (
879952dab949
) which was just pushed to the Docker registry but in reality, the analysis will be run with4ac0e1872789
resulting in the same old error
Possible solutions:
- Set all Kubernetes to
imagePullPolicy: Always
, leading into a performance issue, all jobs will be delayed because a image pull needs to be performance, and what is more, the network would be overloaded - User contacts us, admin makes an intervention:
for node in $(kubectl get nodes); do ssh -i reana.pem fedora@$node 'sudo su - root docker rmi username/myanalysisimage'
- Allow users to specify
-o image-force-pull
as a workflow operational option when they face this problem
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Examples of lifecycle policies - Amazon ECR
Rule 1 identifies images tagged with alpha . It identifies images A and C. It should keep the newest image and mark the...
Read more >Policy to retain untagged manifests - Azure Container Registry
Warning. Set a retention policy with care--deleted image data is ... you can quickly verify that untagged manifests are deleted:.
Read more >Facebook AI will alert users when untagged photos of them are ...
Facebook will use machine learning to notify users when a photo of them is uploaded, giving them an option to contact the user...
Read more >NEW DROP ALERT!!! Check out the Untagged app... - Facebook
NEW DROP ALERT!!! Check out the Untagged app to see the latest clothes uploads from @chloee_woods ... All clothes are traded with our...
Read more >Reduce Container Registry storage - GitLab Docs
Measuring usage is only possible on the new version of the GitLab ... Valid values for keep_n (number of tags kept per image...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
(1) We need to create a new click option
validate --environments
where all this work (and some other tickets) will be plugged under.(2) This issue is about creating
check_environment_tags()
function that will go through all runtime environment specified by the researcher and check whether it uses “latest” tag, or no tag, in which case it should return a warning.(3) Note that the implementation will differ based on which workflow engine people use:
Take RooFit demo as an example.
For Serial, the environment is specified under “environment” label in “reana.yaml”. The code should read the strings from there, and check if there is “:sometag”, and if sometag is not latest.
For Yadage, the tag is specified in
imagetag
in workflow specs, which are read by the client after “reana.yaml” is read.For CWL, the tag is specified under 'dockerPull` in workflow specification.
See
rg 6.18.04
for location of all the places.Implementation-wise, the
check_environment_tags()
function should support all the three engines. There could be three atomic functions implementing the check for each engine.(4) We could later create test cases, since this is basically a string manipulation task, it should be relatively straightforward.
Closed by https://github.com/reanahub/reana-client/pull/468