Let's say I have a container running a third party image from the public registry.
For security reasons, I update the image using docker pull every night via cron.
(I could also use watchtower or any similar software)
But for now I just have a cron job doing:
docker pull owner/image:latest
docker restart my_container
So far, so good.
Now, imagine that yesterday, owner pushed to the public registry a bugged version of his image.
Of course, my cron updated the image and restarted the container.
Now the container is no longer working, as it is using the latest bugged version of owner/image.
What I’m trying to achieve is to be able to run my container on the previous image that was working (which is no longer available on the public registry as latest).
How would you do this?
Tag the working image as “good” before pulling, so that I can revert to this tag in case of a bugged image?
Perform docker save / docker load?
Use a private registry?
Any other idea?
Thanks for any advice / experience on this matter.
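
One way to implement the "tag the working image before pulling" option from the question, as an added example that is not part of the original post. It recreates the container instead of using `docker restart`, because a restarted container keeps the image it was created from. The `start_container` run options and the `is_healthy` probe are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: pin the working image under a local tag before pulling.
IMAGE="owner/image"        # from the post
CONTAINER="my_container"   # from the post
GOOD_TAG="good"            # local-only tag, as proposed in the post

# Hypothetical: recreate the container; put your real `docker run` options here.
# `docker restart` alone would keep the image the container was created from.
start_container() {        # $1 = image reference to run
    docker rm -f "$CONTAINER" >/dev/null 2>&1 || true
    docker run -d --name "$CONTAINER" "$1" >/dev/null
}

# Hypothetical health probe: still running after a grace period (default 10 s).
is_healthy() {
    sleep "${GRACE:-10}"
    [ "$(docker inspect --format '{{.State.Running}}' "$CONTAINER" 2>/dev/null)" = "true" ]
}

# Returns 0 if unchanged or updated, 1 if rolled back, 2 on a docker error.
update_with_rollback() {
    old_id=$(docker image inspect --format '{{.Id}}' "$IMAGE:latest") || return 2
    # Keep a local reference to the working image before :latest moves.
    docker tag "$IMAGE:latest" "$IMAGE:$GOOD_TAG" || return 2
    docker pull -q "$IMAGE:latest" >/dev/null || return 2
    new_id=$(docker image inspect --format '{{.Id}}' "$IMAGE:latest") || return 2
    if [ "$new_id" = "$old_id" ]; then
        echo "unchanged: $old_id"; return 0
    fi
    start_container "$IMAGE:latest" || return 2
    if is_healthy; then
        echo "updated: $old_id -> $new_id"; return 0
    fi
    # New image failed: run the pinned one and point the local :latest back at
    # it, so the next run does not tag the broken image as "good".
    start_container "$IMAGE:$GOOD_TAG" || return 2
    docker tag "$IMAGE:$GOOD_TAG" "$IMAGE:latest" || return 2
    echo "rolled back to $old_id (rejected $new_id)"; return 1
}

# Cron entry point (uncomment to use as a script):
# update_with_rollback
```

The logged image IDs identify exactly which build was rejected, and the `good` tag exists only in the local image store, so it survives whatever the public registry does to `latest`.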