This PR provides the information to driver implementations necessary to reference invocation images by digest, and implements pulling by digest for Kubernetes. Referencing by digest instead of tag is an inexpensive way to allow some drivers to ensure that the correct invocation image digest is resolved.
Note that this does not provide any validation of image digests beyond whatever is supported by the user's container runtime, and is complementary to the work in https://github.com/deislabs/cnab-go/pull/113.
It looks like Kubernetes supports digest validation, so offloading this to the container runtime is a possible solution to #101 in some cases.
This PR provides the information to driver implementations necessary to reference invocation images by digest, and implements pulling by digest for Kubernetes. Referencing by digest instead of tag is an inexpensive way to allow some drivers to ensure that the correct invocation image digest is resolved.
Note that this does not provide any validation of image digests beyond whatever is supported by the user's container runtime, and is complementary to the work in https://github.com/deislabs/cnab-go/pull/113.
It looks like Kubernetes supports digest validation, so offloading this to the container runtime is a possible solution to #101 in some cases.