What is the problem you're trying to solve
I would like to have clearer path for managing not-tagged images in ACR.
Currently, using Docker Hardened Images (DHI), especially with DHI Helm charts, is problematic (confusing) in ACR, due to the fact, that DHI use image digest instead of tag. Therefore, when the AKS deployment pulls image using its digest, the image is not visible at the image list in Azure Portal.
As I understand, the image is not visible because it does not have the tag. But it of course has digest.
Describe the solution you'd like
Digest should be managed in the same way as tags with images.
Additional context
This issue is created based on suggestion from here: #862 (comment)
Just let me also paste the questions that I've created in the above Issue:
In my ACR there are only images with tag (when checking via Portal).
When I do pull with sha256 the image is not visible in ACR.
How can I check if it is really there?
And if it is there, how can I manage it? Delete it?
Should I use "az acr manifest delete" for that?
Running "az acr manifest list" I gives me also the images pulled only by sha256.
Does it mean, that if the manifest with previously pulled sha256 is in ACR, then that image is stored/cached in ACR? So the manifest is not the "metadata" (as I understand it now) but it points to actual image?
What is the problem you're trying to solve
I would like to have clearer path for managing not-tagged images in ACR.
Currently, using Docker Hardened Images (DHI), especially with DHI Helm charts, is problematic (confusing) in ACR, due to the fact, that DHI use image digest instead of tag. Therefore, when the AKS deployment pulls image using its digest, the image is not visible at the image list in Azure Portal.
As I understand, the image is not visible because it does not have the tag. But it of course has digest.
Describe the solution you'd like
Digest should be managed in the same way as tags with images.
Additional context
This issue is created based on suggestion from here: #862 (comment)
Just let me also paste the questions that I've created in the above Issue:
In my ACR there are only images with tag (when checking via Portal).
When I do pull with sha256 the image is not visible in ACR.
How can I check if it is really there?
And if it is there, how can I manage it? Delete it?
Should I use "az acr manifest delete" for that?
Running "az acr manifest list" I gives me also the images pulled only by sha256.
Does it mean, that if the manifest with previously pulled sha256 is in ACR, then that image is stored/cached in ACR? So the manifest is not the "metadata" (as I understand it now) but it points to actual image?