Understanding Docker’s “latest” Tag

Tags look comparable to my-image: most current, with the part prior to the colon defining the image name and the latter section defining the variation.
Your image will be automatically given newest as its variation tag. Container orchestration tools cant help you alter “the new latest image” back into “the old newest image”.
As soon as a tags been designated, that tag shouldnt be reused by the exact same image. As an image author, youll make it more hard for users to with confidence reference your image if you only release with the newest tag.

# Creates my-image: v1 (3rd image).
docker build -t my-image: v1.
If you now ran docker run my-image: newest, you d be using the second image to be developed. The v1 tag is totally independent of latest, so developing the 3rd image has no effect on the existing two. If you wanted my-image: v1 to likewise end up being the newest image, you d need to by hand tag and push it in a separate operation.
This develops a lot of confusion within the Docker environment. Lots of image creators do tag their newest releases with most current. This imbues the tag with additional value that Docker didnt plan. Other authors use most current for their development develops, while some will not release a most current tag at all.
The absence of consistency among image authors can make it uncertain whether latest is truly the most current image or not. The most important rule of latest is to never ever make presumptions about how a specific image will utilize the tag.
Avoid Pinning to newest.
You shouldnt take in the most current tag of an image whenever a more specific alternative is offered. Unless you understand the images author actively updates the current tag, pinning against it may not deliver the version you anticipate.
Most images use semantic versioning to develop release tags. Its much safer to take in my-image:1.1 than my-image: most current. If the author does not keep latest, you could wind up with a heavily outdated image. Conversely, authors that do maintain newest often use the tag for their bleeding-edge advancement variation. Pinning versus it is likely to deliver regular breaking changes that you will not be alerted about.
Numerous container environment projects now alert versus utilizing newest for this factor. Kubernetes keeps in mind that utilizing latest is not just unforeseeable but likewise makes it harder for you to determine the real image version used by your containers.
Rolling back a container thats released with latest isnt straight possible. Youve got no reference indicate work with. If you require to, changing an image tag from 1.1.0 to 2.1.0 lets you quickly go back the upgrade. Container orchestration tools cant assist you change “the new newest image” back into “the old latest image”.
Immutability.
More basically, good tagging practice dictates that image tags need to be immutable. Once a tags been assigned, that tag should not be reused by the same image. This enables downstream customers to pin against specific versions, safe in the understanding theyll get the exact same image each time.
latest breaks this system by being inherently mutable. If you utilize newest, you have to accept modification. As an image author, youll make it harder for users to confidently reference your image if you just publish with the most recent tag.
Numerous tools make assumptions about how image tags are utilized. latest typically gets unique treatment which you need to remain conscious of. Kubernetes, for example, will constantly try to pull a newer variation of the current tag, even if one already exists in your area. Other tags only get pulled if they dont currently exist within the cluster.
Better Approaches to Tagging.
Attempt to stick to semantic versioning when youre tagging images that will be publicly readily available. This is an extensively understood standard that helps interact the magnitude of each modification you make to your image.
You have more alternatives when creating images for private usage. Images which are developed by a CI server can typically be tagged with the SHA of the commit which ran the pipeline.
You dont require to keep it updated with the “newest” version of your image. If you do publish a most current tag, make sure you specify what it will refer to.
Summary.
The evident simplicity of Dockers latest tag masks a quagmire of possible problems. Youll experience them both as an image author and consumer. The issues come from the semantic inconsistency of the tag: while it sounds vibrant, its nothing more than a fixed tag appointed by Docker in the lack of a user-supplied worth.
You need to pin against specific image versions anywhere possible. This will help you avoid breaking modifications and ambiguous third-party tool behaviours. As an image author, attempt to supply semantic release versions and make it clear how your project deals with newest. This will help prospective users assess how to reference your image.

Docker tags are used to recognize images by name. Each image can have multiple tags designated. Tags look similar to my-image: most current, with the part before the colon specifying the image name and the latter area defining the variation.
You can tag an image without anything after the colon. Your image will be immediately given newest as its variation tag. This is a typical source of confusion for newcomers to Docker.
The Problems With most current
The semantics of the newest tag appear to recommend some unique meaning beyond what really exists. In truth, newest is used as the default tag when you havent defined anything else. Thats the only time itll be used– it does not instantly refer to the latest image youve developed.
Heres an example of the resulting problem:
# Creates my-image: latest (first image).
docker build -t my-image.

# Updates my-image: newest (2nd image).
docker construct -t my-image: newest.

Available for Amazon Prime