Prevent tags from being overwritten¶
By default, users with read and write access
to a repository can push the same tag
multiple times to that repository. For example, when user A pushes an image
to library/wordpress:latest
, there is no preventing user B from pushing
an image with the same name but a completely different functionality. This can
make it difficult to trace the image back to the build that generated it.
To prevent tags from being overwritten, you can configure a repository to be immutable. Once configured, MSR will not allow anyone else to push another image tag with the same name.
Make tags immutable¶
You can enable tag immutability on a repository when you create it, or at any time after.
New Repository¶
If you’re not already logged in, navigate to https://<msr-url>
and
log in with your MKE credentials. To make tags immutable on a new
repository, do the following:
Follow the steps in Create a repository.
Click Show advanced settings, and turn on Immutability. Note that tag limits are enabled when immutability is enabled for a repository.
Existing Repository¶
Select Repositories in the left-side navigation panel.
Click on the name of the repository that you want to view. Note that you will have to click on the repository name following the
/
after the specific namespace for your repository.Select the Settings tab, and turn on Immutability.
From now on, you will get an error message when trying to push a tag that already exists:
docker push msr-example.com/library/wordpress:latest
unknown: tag=latest cannot be overwritten because
msr-example.com/library/wordpress is an immutable repository