A Docker tag is a label used to uniquely identify a Docker image. It allows users to deploy a specific version of an image. A single image can have multiple tags associated with it.
Every time a new version of an image is published, the associated tags are also updated to make it easier for users to get the latest version.
VMware Application Catalog uses rolling tags (a tag that may not always point to the same image) for its Docker container images. To understand how this works, let's use these container image tags as an example: 3, 3-debian-10, 3.4.13, 3.4.13-debian-10-r8, latest
TIP: Any tags that do not explicitly specify a distribution, such as 3 or 3.4.13, should be assumed to refer to Debian 10.
When VMware Application Catalog releases container images - typically to upgrade system packages - it fixes bugs or improves the system configuration and also updates container tags to point to the latest revision of the image. Therefore, the rolling tags shown above are dynamic; they will always point to the latest revision or daily release of the corresponding image.
Continuing with the example above, the 3.4.13 tag might point to v3.4.13 revision 8 today, but it will refer to v3.4.13 revision 9 when the container image is updated next.
The suffix revision number (rXX) is incremented every time that an updated version of the image for the same version of the application. As explained in the next section, suffixed tags are also known as immutable tags.
A static, or immutable, tag always points to the same image. This is useful when you depend on a specific revision of an image For example, if you use the tag 3.4.13-debian-10-r8, this tag will always refer to v3.4.13 revision 8 of the image. The use of this tag ensures that users get the same image every time.
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
VMware Application Catalog will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. Learn more about VMware Application Catalog's policy on open CVEs.