Practise vocabulary for container registries, image tagging strategies, immutable tags, image signing, and artifact promotion.
0 / 5 completed
1 / 5
An immutable image tag means:
Immutable tags: v1.2.3 → always the same SHA256 digest. The 'latest' tag is mutable (anti-pattern in production): today's 'latest' is different from yesterday's. Immutable versioned tags ensure that re-running a deployment always pulls the exact same image.
2 / 5
The 'latest' tag in a container registry is described as an anti-pattern in production because:
'latest' is a mutable pointer: pushing a new build updates where 'latest' points. If a bug is introduced in the build after yours, re-deploying 'latest' picks up the bug. Production deployments should always use a specific version tag or image digest.
3 / 5
An image digest (SHA256) in artifact management is used to:
Image digests (sha256:abc123...) are content hashes. While tags can be moved (by reassigning), the digest is immutable by definition — it is derived from the actual image content. Some teams pin production deployments to digest rather than tag for maximum reproducibility.
4 / 5
Artifact promotion in a CI/CD pipeline means:
Promotion pipelines: build once, promote through environments. The same image built in CI is promoted to staging registry after integration tests pass, then promoted to production registry after manual approval. This ensures exactly the same artifact is tested and deployed.
5 / 5
Image signing in a container supply chain means:
Image signing (Sigstore Cosign, Notary/notation): the CI system signs the image after building it. Admission controllers in Kubernetes can verify signatures before allowing images to run — preventing deployment of unsigned or tampered images even if someone pushes directly to the registry.