Docker tags are used to establish photos by identify. Every picture can have a number of tags assigned. Tags look just like
my-image:newest, with the half earlier than the colon defining the picture identify and the latter part specifying the model.
You’ll be able to tag a picture with out something after the colon. Your picture shall be routinely given
newest as its model tag. This can be a widespread supply of confusion for newcomers to Docker.
The Issues With newest
The semantics of the
newest tag appear to recommend some particular which means past what really exists. In actuality,
newest is used because the default tag once you haven’t specified anything. That’s the solely time it’ll be used – it doesn’t routinely seek advice from the latest picture you’ve constructed.
Right here’s an instance of the ensuing drawback:
# Creates my-image:newest (first picture) docker construct -t my-image # Updates my-image:newest (second picture) docker construct -t my-image:newest # Creates my-image:v1 (third picture) docker construct -t my-image:v1
If you happen to now ran
docker run my-image:newest, you’d be utilizing the second picture to be constructed. The
v1 tag is totally unbiased of
newest, so constructing the third picture has no impact on the present two. If you happen to wished
my-image:v1 to additionally grow to be the
newest picture, you’d have to manually tag and push it in a separate operation.
This creates lots of confusion inside the Docker ecosystem. Many picture creators do tag their latest releases with
newest. This imbues the tag with further significance that Docker didn’t intend. Different authors use
newest for his or her improvement builds, whereas some received’t publish a
newest tag in any respect.
The dearth of consistency amongst picture authors could make it unclear whether or not
newest is actually the newest picture or not. Crucial rule of
newest is to by no means make assumptions about how a specific picture will use the tag.
Keep away from Pinning to newest
You shouldn’t eat the
newest tag of a picture each time a extra particular different is accessible. Until you know the picture’s writer actively updates the
newest tag, pinning towards it may not ship the model you count on.
Most photos use semantic versioning to create launch tags. It’s a lot safer to eat
my-image:newest. If the writer doesn’t preserve
newest, you might find yourself with a closely outdated picture. Conversely, authors that do preserve
newest typically use the tag for his or her bleeding-edge improvement model. Pinning towards it’s prone to ship common breaking modifications that you simply received’t be warned about.
A number of container ecosystem initiatives now warn towards utilizing
newest because of this. Kubernetes notes that utilizing
newest will not be solely unpredictable but in addition makes it more durable so that you can establish the actual picture model utilized by your containers.
Rolling again a container that’s deployed with
newest isn’t instantly attainable. You’ve obtained no reference level to work with. Altering a picture tag from
2.1.0 helps you to simply revert the improve if you have to. Container orchestration instruments can’t provide help to change “the brand new
newest picture” again into “the previous
Extra essentially, good tagging apply dictates that picture tags ought to be immutable. As soon as a tag’s been assigned, that tag shouldn’t be reused by the identical picture. This permits downstream shoppers to pin towards particular variations, secure within the information they’ll get the identical picture every time.
newest breaks this method by being inherently mutable. If you happen to use
newest, you must settle for change. As a picture writer, you’ll make it harder for customers to confidently reference your picture in the event you solely publish with the
Many instruments make assumptions about how picture tags are used.
newest typically will get particular therapy which you have to keep conscious of. Kubernetes, for instance, will all the time try to pull a more recent model of the
newest tag, even when one already exists domestically. Different tags solely get pulled in the event that they don’t exist already inside the cluster.
Higher Approaches to Tagging
Attempt to persist with semantic versioning once you’re tagging photos that shall be publicly out there. This can be a extensively understood normal that helps talk the magnitude of every change you make to your picture.
You could have extra choices when creating photos for personal use. Photos that are constructed by a CI server can typically be tagged with the SHA of the commit which ran the pipeline. This ensures every pipeline creates a singular tag that received’t be overwritten sooner or later. It additionally helps you match photos in your container registry to the codebase modifications that created them.
Lastly, don’t overthink the
newest tag. You don’t have to maintain it up to date with the “newest” model of your picture. It’s typically finest to disregard it altogether – until you run
docker construct and not using a tag identify, it’ll by no means be created. If you happen to do publish a
newest tag, be sure to state what it’s going to seek advice from.
The obvious simplicity of Docker’s
newest tag masks a quagmire of attainable points. You’ll encounter them each as a picture writer and client. The issues stem from the semantic inconsistency of the tag: whereas it sounds dynamic, it’s nothing greater than a static tag assigned by Docker within the absence of a user-supplied worth.
It is best to pin towards particular picture variations wherever attainable. This can provide help to keep away from breaking modifications and ambiguous third-party device behaviours. As a picture writer, attempt to present semantic launch variations and make it clear how your challenge treats
newest. This can assist potential customers assess the way to reference your picture.