You are using Cloud Build build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments.
How should you identify the Docker image in your build?
To ensure that the same Docker image is deployed to Development, Test, and Production environments, you should use the digest of the Docker image. The digest is a unique identifier that is a hash of the image's contents, guaranteeing that the exact same image is used across all environments. Tags, including the latest tag and semantic version tags, can be overwritten or changed, which could lead to inconsistencies. A unique Docker image name does not provide the same level of immutability and assurance as the digest.
C, since digests are immutable, whilst docker tags are mutable (hence not D). https://cloud.google.com/architecture/using-container-images
For me it's D, it's not a best practice to use image with the latest tag. And using the semantic version will ensure that all the environment use the exact same image with the wanted code.
This is correct
You are not correct. The question is to ensure the images are the same not about docker image naming convention best practices. The only way to compare two images and say they are the same is digest hash. You can mistakenly tag two different images using the same semver tag.
for me the correct answer is A)
Read the question, it asks to ensure that the 'same' Docker image is deployed to every environment, so to identify the docker image, we have to use digests
C. Use the digest of the Docker image. The digest of the Docker image is a unique identifier for the specific version of the image. By using the digest, you can ensure that the same exact version of the image is deployed to each environment. Using the latest tag or a unique image name may not necessarily guarantee that the same version is deployed, as these tags may change over time. Using a semantic version tag would only ensure that the same version is deployed if you follow a strict versioning policy and only update the image by incrementing the patch or minor version number.
C is 100% correct
C is correct. another answers are not immutable.
"By design, the Git commit hash is immutable and references a specific version of your software".. https://cloud.google.com/architecture/best-practices-for-building-containers
https://cloud.google.com/architecture/best-practices-for-building-containers#tagging_using_semantic_versioning Answer is D
I vote for this. We are likely looking for the best-practice way to 'promote' an image through dev, test, and prod environments. It is normal to use a tag with standard naming convention to identify/select images to promote e.g. tag v1.0.0. Using the digest would work, but this is not normal practice.
C. Use the digest of the Docker image. Using the digest of the Docker image is the most reliable way to ensure that the exact same Docker image is deployed to each environment. The digest is a hash of the image content and metadata, which is unique to each image. This means that even if the image is tagged with different versions or names, the digest will remain the same as long as the content and metadata are identical. On the other hand, using the latest Docker image tag or a semantic version tag may not guarantee that the exact same image is deployed to each environment. These tags are mutable and can be overwritten or updated, which could result in different images being deployed to different environments. Using a unique Docker image name could work, but it may be more difficult to manage and track multiple images with different names, especially if there are many environments or frequent updates.
D is correct
The best answer is C. Use the digest of the Docker image. Here's why: Docker Image Digest: A digest is a unique identifier for a specific Docker image. It's a cryptographic hash of the image's contents, ensuring that you're always deploying the exact same image across environments.
Let's break down why the other options are less ideal: A. Use the latest Docker image tag: The latest tag is mutable. If you push a new image with the latest tag, it will overwrite the previous latest image. This can lead to inconsistencies across environments if different environments pull the latest tag at different times. B. Use a unique Docker image name: While using unique names can help with organization, it doesn't guarantee that you're deploying the same image across environments. You could accidentally push a different image with the same name, leading to inconsistencies. D. Use a semantic version Docker image tag: Semantic versioning is a good practice for managing software releases, but it doesn't guarantee that the image content is identical across environments. You could accidentally push a new image with the same semantic version but different content.
C. Use the digest of the Docker image. When promoting Docker images across different environments in a CI/CD pipeline, it's crucial to ensure that exactly the same image is deployed to each environment. The most reliable way to identify a Docker image is by using its digest. Here's why using the digest is the best approach: The digest is a SHA256 hash of the image's content and configuration, which uniquely identifies an image. If anything about the image changes, the digest changes. This means that if you deploy an image by its digest, you are guaranteed to deploy the exact same image in each environment. Using the digest is more reliable than using tags like 'latest' or semantic versioning. Tags can be moved to point to different images, but digests are immutable. Once an image is pushed to a registry, its digest can never change.
I would go with C.
Anser C because nees to be sure that the same image for the 3 envs. A tag version can be change between the deployment of the env.
C is the answer