Missing 1.13.3 tag in Dockerhub

[thtonon]

Hi!

I'm trying to pull the 1.3.3 tag from Dockerhub but it is returning the following error

GET https://index.docker.io/v2/library/vault/manifests/1.13.3: MANIFEST_UNKNOWN: manifest unknown; unknown tag=1.13.3

In dockerhub it appears that the tag wasn't pushed at all https://hub.docker.com/_/vault/tags?page=1&name=1.13

[maxb]

I guess something must have gone wrong in the publishing process, since it did get updated at https://github.com/hashicorp/docker-vault

A quick workaround for now would be to take note that library/vault is deprecated anyway (per https://hub.docker.com/_/vault) and move over to hashicorp/vault.

[cipherboy]

Do note that similarly to Consul we'll stopped publishing tags for 1.13.x once 1.14.0 GAs (1.13.4 in particular).

It appears our PR to update the Docker mirror was blocked on an older version, we'll address that and get the 1.13.3 tag pushed.

[maxb]

@cipherboy The current phrasing of the deprecation notice at https://hub.docker.com/_/vault seems to imply future 1.13.x releases and those from active older series would continue to be published until those release series go end of life.

If that's not the case, and all publishing to https://hub.docker.com/_/vault has now ceased, it would be nice if the statement of deprecation could be amended for clarity.

[cipherboy]

@maxb Yeah, this is in line with Consul's language though too:

Upcoming in Consul 1.16, we will stop publishing official Dockerhub images and publish only our Verified Publisher images. Users of Docker images should pull from hashicorp/consul instead of consul. Verified Publisher images can be found at https://hub.docker.com/r/hashicorp/consul.

vs

Upcoming in Vault 1.14, we will stop publishing official Dockerhub images and publish only our Verified Publisher images. Users of Docker images should pull from hashicorp/vault instead of vault. Verified Publisher images can be found at https://hub.docker.com/r/hashicorp/vault.

---

Do you have suggestions here? Maybe:

Upcoming in Vault 1.14, we will stop publishing [all] official Dockerhub images [versions] and publish only our Verified Publisher images. Users of Docker images should pull from hashicorp/vault instead of vault. Verified Publisher images can be found at https://hub.docker.com/r/hashicorp/vault.

[maxb]

The issue is that the "Upcoming in Vault 1.14" language primes someone who is used to thinking of software in terms of release series / branches, to view the rest of the text as a change introduced on main, first released in the 1.14 release series. (Whilst earlier release branches remain operating via previous release engineering tooling.)

Such a policy would have been most convenient for end users, as it would allow an end user currently following the 1.13.x series to continue to obtain images for future patch releases in that series, without needing to migrate to a different image flavour. (I recall someone mentioning that the library/vault and hashicorp/vault images were based on different Alpine versions, so are not necessarily trivial drop-in replacements.)

A phrasing such as:

From the day of release of Vault 1.14.0, we will stop publishing official Dockerhub images and publish only our Verified Publisher images. This will also apply to patch releases of Vault 1.13.x and earlier release branches, released after that time.

would be effective in eliminating that alternative interpretation.