Why image digest changes upon same image with different tags?

Solution Verified - Updated -

Issue

As explained in Openshift documentation about tags:

The vX.Y tag points to X.Y.Z-
and,
the X.Y.Z tag points to the latest X.Y.Z-

Putting ose-deployer image as example:+

$ skopeo inspect docker://registry.access.redhat.com/openshift3/ose-deployer | jq -r '.RepoTags | map(select(test("3.7"))) | .[]' | sort --version-sort
v3.7
v3.7.9
v3.7.9-21
v3.7.14
v3.7.14-5
v3.7.23
v3.7.23-3
v3.7.23-10

I would expect in the above example, that the "v3.7" tag (and "v3.7.23") point to the latest "X.Y.Z-" tag (v3.7.23-10), i.e have the same SHA256 digests. Let us check that.

$ skopeo inspect docker://registry.access.redhat.com/openshift3/ose-deployer:v3.7 | jq -r '.Tag,.Digest'
v3.7
sha256:0218d002e5da75a8aeeadc346b7457c6fef5bbc02d0b7b4c6c4bcffd9410634a

$ skopeo inspect docker://registry.access.redhat.com/openshift3/ose-deployer:v3.7.23 | jq -r '.Tag,.Digest'
v3.7.23
sha256:80536454573e4ae9644a9173a7e03968e86f5e3542e9bebc71a543be7721f8d9

$ skopeo inspect docker://registry.access.redhat.com/openshift3/ose-deployer:v3.7.23-10 | jq -r '.Tag,.Digest'
v3.7.23-10
sha256:218459c299fb6d1f5914beb7179fd96823ce3872810c76bb941d90e9518636cc

Clearly the tags point to different SHA256 digests, does it meant they are different images ?

Environment

OCP 3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content