Prevent tags from being overwritten¶
By default, users with read and write access
to a repository can push the same tag
multiple times to that repository. For example, when user A pushes an image
library/wordpress:latest, there is no preventing user B from pushing
an image with the same name but a completely different functionality. This can
make it difficult to trace the image back to the build that generated it.
To prevent tags from being overwritten, you can configure a repository to be immutable. Once configured, MSR will not allow anyone else to push another image tag with the same name.
Make tags immutable¶
You can enable tag immutability on a repository when you create it, or at any time after.
If you’re not already logged in, navigate to
log in with your MKE credentials. To make tags immutable on a new
repository, do the following:
Follow the steps in Create a repository.
Click Show advanced settings, and turn on Immutability. Note that tag limits are enabled when immutability is enabled for a repository.
Select Repositories on the left navigation pane.
Click on the name of the repository that you want to view. Note that you will have to click on the repository name following the
/after the specific namespace for your repository.
Select the Settings tab, and turn on Immutability.
From now on, you will get an error message when trying to push a tag that already exists:
docker push msr-example.com/library/wordpress:latest unknown: tag=latest cannot be overwritten because msr-example.com/library/wordpress is an immutable repository