How to ensure that the most recent version of a docker container image is being used when deploying a GreenGrass component


I have a GreenGrass component which uses aws.greengrass.DockerApplicationManager to download and run a docker image stored in AWS ECR. In a initial deployment, the GreenGrass core authenticates to ECR and downloads the image defined in recipe.yaml. If the docker image is updated in ECR (and the new image is tagged latest), subsequent deployments do not download the new image and continue to boot containers from the old image stored in the GreenGrass device. I tried to add a "docker pull" as part of the Install stage of the component's Lifecycle, but the command fails because it doesn't have credentials to connect to ECR. I understand that the GreenGrass Core has credentials but I have not been able to attach them to the "docker pull" command.

How can I ensure that the component is always using the "latest" tagged docker image that is available in ECR after a deployment?

Thanks in advance

asked 2 years ago566 views
1 Answer
Accepted Answer

The best practice is for you to not use the LATEST tag. Instead, set the artifact URI to point to a specific image hash. This way, each version of your component is entirely well-defined with a single immutable image version.

This will ensure that when you publish a new version of your component with the updated artifact, the new image will be downloaded at that time.

answered 2 years ago
profile picture
reviewed 12 days ago
profile picture
reviewed a month ago
profile picture
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions