How to use tag in kubernetes yaml file so the system knows a new image is pushed

From the docs of FluxCD here

Note: that Flux only works with immutable image tags (:latest is notsupported). Every image tag must be unique, for this you can use theGit commit SHA or semver when tagging images.

Turn on automation based on timestamp:

apiVersion: apps/v1kind: Deploymentmetadata:  annotations:    fluxcd.io/automated: "true"spec:  template:    spec:      containers:      - name: app        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the app container when you push a new image tag, be it my-app:1.0.1 or my-app:9e3bdaf.

Restrict image updates with sem ver:

apiVersion: apps/v1kind: Deploymentmetadata:  annotations:    fluxcd.io/automated: "true"    fluxcd.io/tag.app: semver:~1.0spec:  template:    spec:      containers:      - name: app        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the image when you push an image tag that matches the semantic version expression e.g my-app:1.0.1 but not my-app:1.2.0

You should use Git commit SHA or semver when tagging images in azure DevOps Pipeline docker task

steps:- task: Docker@2  displayName: Build and Push  inputs:    command: buildAndPush    containerRegistry: dockerRegistryServiceConnection1    repository: contosoRepository    tags: |      tag1      tag2

We had the similar issue and we fixed it by adding the checksum to the annotation in the deployment file with a unique value generator. It works like this for us:

Generate Helm Template -> Deployment manifest is created with unique checksum -> Trigger deployment.

We had the RollingUpdate enabled in our manifest which eliminated the downtime of the application. Below is our helm template config.deployment.yaml

  template:    metadata:      labels:        app: {{ .Values.appName }}      annotations:        checksum/commonconfig: {{ .Values.CommonConfig | toJson | sha256sum | trunc 63 }}        checksum/podconfig: {{ .Values.PodConfig | toJson | sha256sum | trunc 63 }}

We have this in the helm chart which will generate the unique value in the deployment manifest. This will make the deployment to happen everytime even the latest tag of image is the same. Also, have the imagePullPolicy as Always.