I have a Kubernetes cron job that runs off the latest image of my repo. In the yaml definition of the cron job the image definition is like this:
image: 123456789.abc.ecr.us-west-1.amazonaws.com/company/myservice:latest
The issue is our latest tag gets updated anytime there is a merge to master in GitHub. However, the code is not deployed to prod at this point. There is no continuous deployment, though, so our code is not deployed in prod; however, the latest code from master will be used by the cron job.
Does it work as a solution to tag a 'prod' image that the cron job will run from? In this case when we deploy, the prod image would get updated to that image. Also, if there is a rollback we would update the prod image to be the image that prod is now reverting to.
Or is there a better solution/pattern to this issue?
You can create git release tags or use commit ids. Put this value in a config map, and the cron job container should pull code by using this commit-id or release tag. So staging and production configs can have different tags.
I would not recommend using the latest tag for deployments on Kubernetes. It works well with Docker but not with Kubernetes + Docker. Create immutable image tags. Kubernetes compares only the tag, not tag + SHA. https://discuss.kubernetes.io/t/use-latest-image-tag-to-update-a-deployment/2929
Or you can use imagePullPolicy: Always with the latest tag.
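A check that fits the advice above about immutable image tags, as an added example (not code from any of the posters): it scans manifest text for image: lines and flags references that use a floating tag such as latest or prod instead of a fixed tag or a digest. The entries in FLOATING_TAGS beyond those two names, the commit-id tag, the digest value and the host registry.example.internal are assumptions made up for the example.

```python
import re

# Tags that are routinely re-pointed at new builds. "latest" and "prod" come
# from the thread; the others are assumptions to tune for your own registry.
FLOATING_TAGS = {"latest", "prod", "master", "main", "stable"}
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
IMAGE_LINE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^'\"\s#]+)", re.M)


def classify_image(ref):
    """Return 'digest', 'fixed-tag', 'floating-tag' or 'bad-digest' for one image reference."""
    name, at, digest = ref.partition("@")
    if at:
        return "digest" if DIGEST_RE.fullmatch(digest) else "bad-digest"
    # Only a colon after the last "/" starts a tag; an earlier one is a registry port.
    last_segment = name.rsplit("/", 1)[-1]
    if ":" not in last_segment:
        return "floating-tag"  # no tag means the runtime resolves ":latest"
    tag = last_segment.rsplit(":", 1)[1]
    return "floating-tag" if tag.lower() in FLOATING_TAGS else "fixed-tag"


def audit_manifest(text):
    """Return (image, verdict) for every 'image:' line found in manifest text."""
    return [(ref, classify_image(ref)) for ref in IMAGE_LINE_RE.findall(text)]


# Constructed sample: the first image is the one from the question; the commit-id
# tag, the digest and the registry host with a port are made up for illustration.
SAMPLE = """\
containers:
  - name: job
    image: 123456789.abc.ecr.us-west-1.amazonaws.com/company/myservice:latest
  - name: job-prod-tag
    image: 123456789.abc.ecr.us-west-1.amazonaws.com/company/myservice:prod
  - name: job-commit
    image: 123456789.abc.ecr.us-west-1.amazonaws.com/company/myservice:3f2a9c1
  - name: job-digest
    image: "registry.example.internal:5000/company/myservice@sha256:%s"
  - name: job-untagged
    image: registry.example.internal:5000/company/myservice
""" % ("ab" * 32)

if __name__ == "__main__":
    for image, verdict in audit_manifest(SAMPLE):
        print(f"{verdict:13} {image}")
```

A fixed-tag verdict only means the tag name is not a known floating one; whether it can be overwritten still depends on the registry's tag mutability setting, which is why a digest is the stronger pin.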
Generally you should set up two Git repos of your application, for example master and prod. You may then use Jenkins to build and deploy those repos to Kubernetes on commit (prod branch can be set to build on demand). So master branch will push to latest tag, and prod branch will push to prod branch. Then you specify tag latest in your job manifest. That's how it is configured in most cases.
Any questions?