A production CNF should use an immutable tag that maps to a semantic version of the application.
"You should avoid using the :latest tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly."
The :latest tag is what is applied to an image which does not have a tag, which does not mean, as some people expect, that :latest always points to the most-recently-pushed version of an image.
Summary
A production CNF should use an immutable tag that maps to a semantic version of the application.
"You should avoid using the :latest tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly."
Ref https://kubernetes.io/docs/concepts/containers/images/
Motivation
No response
Goals
No response
Non-Goals
No response
Proposal
Using the latest tag is an anti-pattern..
The :latest tag is what is applied to an image which does not have a tag, which does not mean, as some people expect, that :latest always points to the most-recently-pushed version of an image.
Workload Context
No response
User Stories
No response
Notes, Caveats, Constraints
As a related item we recommend locking image tags on the container registry for production releases to avoid overwriting a known good image. https://learn.microsoft.com/en-us/azure/container-registry/container-registry-image-tag-version#lock-deployed-image-tags
References