قالب وردپرس درنا توس
Home / Tips and Tricks / Understanding the “latest” tag from Docker – CloudSavvy IT

Understanding the “latest” tag from Docker – CloudSavvy IT



Docker tags are used to identify images by name. Multiple tags can be assigned to each image. Tags look like my-image:latest, where the part before the colon defines the name of the image and the last section specifies the version.

You can tag an image without anything after the colon. Your image is automatically given latest as release tag. This is a common source of confusion for newbies to Docker.

The problems with the latest

The semantics of the latest label appear to suggest a special meaning beyond what actually exists. In reality, latest is used as the default tag when you have not specified anything else. That is the nothing but time it will be used ̵

1; it does not automatically reference it newest image you have built.

Here’s an example of the resulting problem:

# Creates my-image:latest (first image)
docker build -t my-image

# Updates my-image:latest (second image)
docker build -t my-image:latest

# Creates my-image:v1 (third image)
docker build -t my-image:v1

If you run away now docker run my-image:latest, would you like the second build image. The v1 tag is completely independent of latest, so building the third image has no effect on the existing two. If you want my-image:v1 to also the latest image, you need to manually tag and push it in a separate edit.

This creates a lot of confusion within the Docker ecosystem. Lots of image makers To do tag their latest releases with latest. This gives the tag extra importance that Docker didn’t intend. Other authors use latest for their development builds, while some don’t have latest tag all the way.

The lack of consistency between image authors can make it unclear whether or not latest is really the last image or not. The main rule of latest is to never make assumptions about how a particular image will use the tag.

Avoid getting stuck on the latter

You may use the latest tag of an image when a more specific alternative is available. Unless you know the author of the image is actively working it latest tag attached to it may not deliver the version you expect.

Most images use semantic versioning to create release tags. It is much safer to consume my-image:1.1 than my-image:latest. If the author doesn’t keep it up latest, you could end up with a very outdated image. Conversely, authors that To do maintain latest often use the tag for their advanced development version. If you stick with it, it will likely deliver significant changes on a regular basis that you won’t be warned about.

Several container ecosystem projects are now warning against the use of latest for this reason. Kubernetes notes that using latest is not only unpredictable, but also makes it more difficult for you to control the for real image version used by your containers.

Roll back a container that was deployed with latest is not immediately possible. You have no reference point to work with. Change an image tag from 1.1.0 to 2.1.0 lets you easily roll back the upgrade if needed. Container organization tools can’t help you “the new latest image “back in” the old latest statue”.

Immutability

More fundamentally, good tagging practice dictates that image tags must be immutable. Once a tag has been assigned, that tag cannot be reused by the same image. This allows downstream consumers to pin on specific versions, knowing that they will get the same picture every time.

latest breaks this system by being inherently changeable. If you use latest, you have to accept change. As an image author, you make it more difficult for users to refer to your image with confidence if you only publish with the latest label.

Many tools rely on the use of image tags. latest often receives special treatment that you should be aware of. Kubernetes will do that, for example always try a newer version of it latest tag, even if a local already exists. Other tags are only fetched if they do not already exist in the cluster.

Better approaches to tagging

Try to stick to semantic versions when tagging images that will be publicly available. This is a widely accepted standard that helps communicate the magnitude of any change you are making to your image.

You have more options when creating images for private use. Images taken by a CI server can often be tagged with the SHA of the commit that ran the pipeline. This ensures that each pipeline creates a unique tag that will not be overwritten in the future. It also helps you match images in your container registry with the codebase changes that made them.

Finally, don’t think too much about it latest label. You don’t have to keep it up to date with the “latest” version of your image. It is often best to ignore it completely unless you are running docker build without a tag name it is never created. If you have a latest tag, make sure to indicate what it refers to.

Resume

Docker’s apparent simplicity latest tag masks a swamp of potential problems. You will encounter them both as an image author and as a consumer. The issues stem from the tag’s semantic inconsistency: while it sounds dynamic, it’s nothing more than a static tag assigned by Docker in the absence of a user-specified value.

You should pin against specific image versions whenever possible. This will help you avoid breaking changes and ambiguous behavior of third party utilities. As an image author, try to provide semantic release versions and make it clear how your project is being handled latest. This helps potential users judge how to refer to your image.


Source link