DEV Community

Renan Zulian
Renan Zulian

Posted on • Edited on

Why new docker users should stop using the 'latest' tag on Docker.

The tag is some of the core features of the docker that many people don't use correctly. Through the tags, we can select what the version we want to download and to use in our project. So if you aren't worried about it probably someday you can have some problems.

I confess that my machine has a lot of images with the 'latest' tags yet. Sometimes we don't want to specify what the version we need, right? A few weeks ago I cloned a small project that I worked in the past and I was using the latest version of Postgres. But that day the version wasn't the same I have used when I have created the project, then I had to guess what version I have used.

Not specifying the version that you want isn't a good habit.

The 'latest' version is never the same. It is only a generic term that isn't so useful in the practice¹. Probably you will never say to someone that your project needs the latest version of some software (in a formal conversation). You should say to him that you have used the X version of the Z software.

It is normal for a beginner developer don't care about the versions of the resource that the software he is coding depends. But if you already are an experienced developer, you need to start to care about it now.

¹ Raphael Habereder give us a good example of a context that it is very useful. Check his comment below.

Top comments (3)

Collapse
 
habereder profile image
Raphael Habereder • Edited

I am willing to debate this.
Latest is absolutely crucial in build-processes.

To give you an example:

rhel-minimal -> nginx -> some-webapp
The minimal image gets patched regularly, so should the nginx, and afterwards so should the webapp image.

All of these can and should contain latest in the FROM Tag, if there is no "backwards-compatibility" bloat you are carrying around.

Always use latest in CI. Why update tags, if you can force-pull latest and have a guaranteed latest patch-set?

Where you should avoid latest at all cost, is when deploying. Never deploy a latest tag.
But in the FROM-Instruction, if you don't use latest, you better have a damn good explanation for it.

Collapse
 
renanzulian profile image
Renan Zulian

Hi Raphael
I'm glad someone like you that knows about containers reply to my post.

I believe that I wasn't so clear what I wanted to say. I just wanted to say that to developers that start use Docker recently and don't know what they are doing. They usually don't know about all docker features and don't build their containers. They just use docker because they don't want to install some dependencies natively.

If you are working with Dockerfile to build your application, probably you will not have a problem like that. You already using docker right and you know what are you doing. I use the latest tag too in cases like your example. It has a lot of benefits like keeping your application most security.

I'm sorry if I wasn't so clear. I was anxious to write my first post here and to share a problem that I had.

Thank you!!!

Collapse
 
habereder profile image
Raphael Habereder • Edited

Don't let me discourage you, your points are absolutely fair and reasonable.

The only gripe I had was with the line:

It is only a generic term that isn't useful in the practice.

Because it is, once you get to the point of implementing a CI :D

For beginners, regarding the context of "pull an image and run it", you are perfectly right.
Deploying/Running a latest tag is absolutely terrible and bad.

I hope I didn't scare you away, we absolutely need more Container stuff here and you are definitely going in the right direction :)
Keep up the good work!