1

So I am building an image with a dockerfile locally, and then pushing the image to quay with a specific tag

i.e.

podman build -t quay.io/user/test:v1.0
pushman push quay.io/user/test:v1.0

I see the image in quay and can pull and run it fine.

However, if I make changes to the code, and run those same commands again

podman build -t quay.io/user/test:v1.0
pushman push quay.io/user/test:v1.0

I see that the quay image shows an updated image has been received on that tag. However, when I pull the image the code changes are not present.

If I push the exact same sha that resulted from the pod build to quay with a different tag (i.e. v2) the changes do show.

Is there no way to overwrite an existing tag in the manner I am trying? What is the correct way to do this?

BMitch
  • 231,797
  • 42
  • 475
  • 450
user21113865
  • 99
  • 7

1 Answers1

0

when you push an image with the same tag subsequently, like in other registries, the tag is overwritten in Quay. Quay is read-after-write consistent, so when you pull the image you've just overwritten you should get the new image in your local podman image cache. You can verify this by comparing the digests of the image in Quay and your local podman install via podman inspect.

You probably know this already, but in order for podman to run the newer image tag you need to delete and recreate the container. See here: https://www.redhat.com/sysadmin/update-container-images-podman.

Just pulling a new image (with the same tag) will not do anything to your running containers, even if they seem to refer to the same tag. This is because at the time of executing podman run... podman will create a configuration of your running container in /run/user/$UID/run (see --runroot here: https://docs.podman.io/en/latest/markdown/podman.1.html) which captures the entire state of the container, including the identity of the image you wanted it to run. The image is referred to by digest in this configuration and the digest was resolved from the tag at the time you initially did podman run.... It does not change after that. Containers (configuration) are immutable. So even if you podman restart... the container it will read this configuration and restart the container using the old image.

But first you'll have to make sure that you really pulled the new image by comparing the digests between your machine and Quay. You can find the digest in the Quay UI. You can also check that the tag was indeed overwritten by looking at the "Tag History" panel in Quay.

Hope this helps!

PS: Quay also actually still stores your older version of the image in sort of a recycle bin area for a particular duration (usually 2 weeks). You can restore it from there using the "Tag History" panel by clicking the "Revert to..." button next to tag overwrite events. This is called "Time Machine" in Quay and helps recover from mishaps like accidentally overwriting your image.

SensibleDefaults
  • 21
  • 2