[Pulp-list] Pulp_Docker Layers

Michael Hrivnak mhrivnak at redhat.com
Thu Sep 3 13:39:38 UTC 2015


pulp supports removal of specific images/layers. Removing one from the
middle of an ancestry line definitely breaks its children permanently.

Given a rhel base image, a generic python web app image based on that, and
then a custom app image as the "leaf" of your tree, assume you need to
patch a CVE in that middle python layer. You would rebuild the python
layer, rebuild the custom app image, upload them to pulp, and then remove
the old branch of the tree completely.

This is conceptually the same with v1 and v2; they've mostly just changed
terminology.

Michael

On Wed, Sep 2, 2015 at 4:30 PM, Scott McCarty <smccarty at redhat.com> wrote:

> Once more quick question, I remember a while back it was possible to
> remove image layers with pulp_docker. Is that still possible, for example,
> if there is a critical CVE in a repo and we want to limit who can pull that
> image and deploy it?
>
> Does that break the Docker image layering if you yank one in the middle?
>
> Best Regards
> Scott M
>
> Scott McCarty, RHCA
> Technical Product Marketing: Containers
> Email: smccarty at redhat.com
> Phone: 312-660-3535
> Cell: 330-807-1043
> Web: http://crunchtools.com
>
> Why does the user space matter anyway? http://red.ht/1hwhLUB
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20150903/b78ed4c2/attachment.htm>


More information about the Pulp-list mailing list