Bring back updated spec docs

The updated documentation has gotten lost due to the back and forth with v1beta3. Signed-off-by: Max Jonas Werner <mail@makk.es>
fluxcd · Sep 20, 2023 · 5cfa766 · 5cfa766
1 parent b787e9c
commit 5cfa766
Showing 1 changed file with 38 additions and 10 deletions.
diff --git a/docs/spec/v1beta2/imagepolicies.md b/docs/spec/v1beta2/imagepolicies.md
@@ -21,6 +21,7 @@ metadata:
 spec:
   imageRepositoryRef:
     name: podinfo
+  digestReflectionPolicy: IfNotPresent
   policy:
     semver:
       range: 5.1.x
@@ -37,8 +38,8 @@ In the above example:
   the scanned tags from the internal database for the image name. The read tags
   are then used to select the latest tag based on the policy defined in
   `.spec.policy`.
-- The latest image is constructed with the ImageRepository image and the
-  selected tag, and reported in the `.status.latestImage`.
+- The latest image's name is derived from the ImageRepository image and reported
+  together with the selected tag and digest in the `.status.latestRef` object.
 
 This example can be run by saving the manifest into `imagepolicy.yaml`.
 
@@ -68,6 +69,10 @@ Status:
     Status:                True
     Type:                  Ready
   Latest Image:            ghcr.io/stefanprodan/podinfo:5.1.4
+  Latest Ref:
+    Digest:                 sha256:2d9a00b3981628a533ff43352193b1838b0a4bf6b0033444286f563205e51a2c
+    Image:                  ghcr.io/stefanprodan/podinfo
+    Tag:                    5.1.4
   Observed Generation:     1
 Events:
   Type    Reason     Age              From                        Message
@@ -250,6 +255,19 @@ spec:
 In the above example, the timestamp value from the tag pattern is extracted and
 used in the policy rule to determine the latest tag.
 
+### Digest Reflection
+
+`.spec.digestReflectionPolicy` is a field that governs the reflection of the selected image's
+digest in the ImagePolicy's `.status.latestRef.digest` field. The field has three possible values:
+
+- `Never`: If the field is set to `Never` (the default) the digest will not be reflected at all.
+- `Always`: This value leads to the digest of the latest tag to always be reflected in
+  `.status.latestRef.digest`. An existing, potentially different digest will be overwritten with the
+  most recent value retrieved from the image registry even if the tag didn't change. This may be useful
+  to track mutable tags like `latest`.
+- `IfNotPresent`: This value will only store the digest of the latest tag once and never overwrite an
+  existing value unless the tag has changed as well. This is the safest option to track immutable tags.
+
 ## Working with ImagePolicy
 
 ### Triggering a reconcile
@@ -331,10 +349,12 @@ specific ImagePolicy, e.g.
 
 ## ImagePolicy Status
 
-### Latest Image
+### Latest Ref
 
-The ImagePolicy reports the latest select image from the ImageRepository tags in
-`.status.latestImage` for the resource.
+The ImagePolicy reports the latest selected image from the ImageRepository tags in
+`.status.latestRef` for the resource. The field `.status.latestRef.digest` is dependent
+on the [chosen digest reflection policy](#digest-reflection) and is only set for the
+`Always` or `IfNotPresent` policies.
 
 Example:
 
@@ -345,13 +365,17 @@ kind: ImagePolicy
 metadata:
   name: <policy-name>
 status:
-  latestImage: ghcr.io/stefanprodan/podinfo:5.1.4
+  latestRef:
+    image: ghcr.io/stefanprodan/podinfo
+    tag: 5.1.4
+    digest: sha256:2d9a00b3981628a533ff43352193b1838b0a4bf6b0033444286f563205e51a2c
+[...]
 ```
 
-### Observed Previous Image
+### Observed Previous Ref
 
 The ImagePolicy reports the previously observed latest image in
-`.status.observedPreviousImage` for the resource. This is used by the
+`.status.observedPreviousRef` for the resource. This is used by the
 ImagePolicy to determine an upgrade path of an ImagePolicy update. This field
 is reset when the ImagePolicy fails due to some reason to be able to distinguish
 between a failure recovery and a genuine latest image upgrade.
@@ -364,8 +388,12 @@ kind: ImagePolicy
 metadata:
   name: <policy-name>
 status:
-  latestImage: ghcr.io/stefanprodan/podinfo:6.2.1
-  observedPreviousImage: ghcr.io/stefanprodan/podinfo:5.1.4
+  latestRef:
+    image: ghcr.io/stefanprodan/podinfo
+    tag: 6.2.1
+  observedPreviousRef:
+    image: ghcr.io/stefanprodan/podinfo
+    tag: 5.1.4
 ```
 
 ### Conditions