10

I ran this:

docker pull 91xxxxx371.dkr.ecr.us-west-2.amazonaws.com/main_api

and nothing new was pulled, but I knew there were new images on AWS/ECR. So I removed the existing images:

docker rmi 91xxxxx371.dkr.ecr.us-west-2.amazonaws.com/main_api

and then pulled again and of course it says it retrieved new images, but that's probably just because I deleted the local tags/images or whatever.

Why didn't the first pull command get the latest? It defaults to the latest tag.

  • There is no way to tell if the previous image was the good one or not with the info you provided. The first command you provided should pull the most recent version of the `latest` tag of your image from your registry. The only way to tell if there is really a problem is to compare the id of the `xxx/main_api:latest` image before pulling, after pulling and after removing/pulling. You can get this info with `docker images`. – Zeitounator May 24 '19 at 06:37
  • How many time has passed between the push of your docker images on AWS/ECR and the "docker pull" command? Were the commands executed in sequence? – bitfox May 24 '19 at 10:27

1 Answers1

8

Update: I have to correct my answer, @David Maze (comment) is right: I described the docker run behaviour.

From the Docker documentation:

When using tags, you can docker pull an image again to make sure you have the most up-to-date version of that image

So your command should work, I don't know why it's not working, sorry. But nevertheless you can use as a workaround tags to enforce to pull the image with the specified tag.

docker run (not docker pull) search first in your local registry on your machine. If there is the image with the tag latest, the search is satisfied and terminated. If the image with the given tag is not available in your local registry, then docker will search in a remote registry like docker hub or your own.

So the tag latest should be used with care. If you have an Image with the tag latest in your local registry then you have to delete it first, so docker get nothing and search in remote registry.

Muhammad Tariq
  • 3,318
  • 5
  • 38
  • 42
Wie
  • 422
  • 4
  • 20
  • 1
    so alternative would be to use versions or SHA hashes? – dubes May 24 '19 at 07:10
  • 1
    I recommend to tag your images with versions. It is easier to handle as hashes. Like `image:0.5.3` and `image:0.6.0` - If you use another tag as before and the tag is not in your local registry it force the pull from registry. – Wie May 24 '19 at 07:13
  • 2
    `docker pull` will always contact the registry and get an updated image. Try, for instance, `docker pull ubuntu:18.04` if you have it locally and haven't pulled it recently. `docker run` behaves the way you describe. – David Maze May 24 '19 at 10:06
  • @DavidMaze Tanks, you are right. I hope my edit have now the correct result, even it is only on a half way helpful... – Wie May 24 '19 at 10:21
  • Seems like there should be a way to tell `docker run` to to try to pull latest...? – Josh M. May 29 '23 at 16:43
  • 2
    EDIT: `docker run --pull=always` FTW – Josh M. May 29 '23 at 17:04