An image stream and its associated tags provide an abstraction for referencing
Docker images from within Digital Garage.
The image stream and its tags allow you to see what images are available
and ensure that you are using the specific image you need even if the image in the repository changes.
Image streams do not contain actual image data, but present a single virtual view of related images, similar to an image repository.
You can configure Builds and
Deployments to watch an image stream
for notifications when new images are added and react by performing a Build or Deployment, respectively.
For example, if a Deployment is using a certain image and a new version of that image is created,
a Deployment could be automatically performed to pick up the new version of the image.
However, if the image stream tag used by the Deployment or Build is not updated,
then even if the Docker image in the Docker registry is updated, the Build or Deployment will continue using the previous (presumably known good) image.
The source images can be stored in any of the following:
Digital Garage’s integrated
An external registry, for example
Other image streams in the Digital Garage cluster
When you define an object that references an image stream tag (such as a or Build configuration or Deployment configuration), you point to an image stream tag, not the Docker repository. When you Build or Deploy your application, Digital Garage queries the Docker repository using the image stream tag to locate the associated ID of the image and uses that
The image stream metadata is stored in the etcd instance along with other cluster information.
The following image stream contains two tags:
34 which points to a Python v3.4 image and
35 which points to a Python v3.5 image:
oc describe is python
Created: 25 hours ago
Docker Pull Spec: docker-registry.default.svc:5000/imagestream/python
Image Lookup: local=false
Unique Images: 2
tagged from centos/python-34-centos7
14 seconds ago
tagged from centos/python-35-centos7
7 seconds ago
Using image streams has several significant benefits:
You can tag, rollback a tag, and quickly deal with images, without having to re-push using the command line.
You can trigger Builds and Deployments when a new image is pushed to the registry. Also,
Digital Garage also has generic triggers for other resources (such as Kubernetes objects).
You can mark a tag for periodic re-import.
If the source image has changed, that change is picked up and reflected in the image stream, which triggers the Build and/or Deployment flow, depending upon the Build or Deployment configuration.
You can share images using fine-grained access control and quickly distribute images across your teams.
If the source image changes, the image stream tag will still point to a known-good version of the image, ensuring that your application will not break unexpectedly.
You can configure security around who can view and use the images through permissions on the image stream objects.
Users that lack permission to read or list images on the cluster level can still retrieve the images tagged in a project using image streams.
When using image streams, it is important to understand what the image stream tag is pointing to and how changes to tags and images can affect you. For example:
If your image stream tag points to a Docker image tag, you need to understand how that Docker image tag is updated. For example, a Docker image tag
docker.io/ruby:2.4 will probably always point to a v2.4 ruby image. But, a Docker image tag
docker.io/ruby:latest will probably change with major versions. So, the Docker image tag that a image stream tag points to can tell you how stable the image stream tag will be, if you choose to reference it.
If your image stream tag follows another image stream tag (it does not point directly to a docker image tag), it is possible that the image stream tag will be updated to follow a different image stream tag in the future. Again, this could result in picking up an incompatible version change.
- Docker repository
A collection of related docker images and tags identifying them.
For example, the OpenShift Jenkins images are in a Docker repository:
- Docker registry
A content server that can store and service images from Docker repositories.
- Docker image
A specific set of content that can be run as a container. Usually associated with a particular tag within a Docker repository.
- Docker image tag
A label applied to a Docker image in a repository that distinguishes a specific image. For example, here 3.6.0 is a tag:
A Docker image tag can be updated to point to new Docker image content at any time.
- Docker image ID
A SHA (Secure Hash Algorithm) code that can be used to pull an image. For example:
A SHA image ID cannot change. A specific SHA identifier always references the exact same docker image content.
- Image stream
An Digital Garage object that contains pointers to any number of Docker-formatted container images identified by tags. You can think of an image stream
as equivalent to a Docker repository.
- Image stream tag
A named pointer to an image in an image stream. An image stream tag is similar to a Docker image tag. See Image Stream Tag below.
- Image stream image
An image that allows you to retrieve a specific Docker image from a particular image stream where it is tagged.
An image stream image is an API resource object that pulls together some metadata about a particular image SHA identifier.
See Image Stream Images below.
- Image stream trigger
A trigger that causes a specific action when an image stream tag changes. For example, importing can cause the value of the tag to change, which
causes a trigger to fire when there are Deployments, Builds, or other resources listening for those. See Image Stream Triggers below.
Configuring Image Streams