Ensure image tag is set in Kubernetes workload configuration

LOW

Description

Image tags that name a specific version provide stability and let you know exactly which software versions are deployed, which matters for auditing. If a vulnerability is discovered in a particular version, the tag makes it possible to determine whether a given release is affected. Specific tags also help ensure that beta software is not deployed.

Remediation

Every image is stored with a tag, and when the most recent version of that image is built it gets 'latest' by default regardless of whether an individual tag name or number was specified. To aid in tracking, whether for inventory or for potential rollback, do not use ':latest' and do not leave the 'spec:containers:image' field blank; instead give the image a specific version name or number when initiating the build. For example, use myApp:v1 instead of myApp:latest or plain myApp in the build command.
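The following is an added example, not part of the original policy text or of any scanner's own code: a small Python check that walks a Pod manifest (embedded here as a constructed dict mirroring the YAML structure, so it runs offline) and flags every container whose image field is blank, has no tag, or uses ':latest'. It also handles two edge cases a naive "is there a colon" test gets wrong: a registry port such as registry.example.com:5000/myApp is not a tag, and an image pinned by digest (name@sha256:...) is treated as pinned. The image names and the sample Pod are made up for illustration.

```python
"""Flag Kubernetes Pod containers whose image is blank, untagged or ':latest'.

Added example; the sample Pod below is constructed, not a real workload.
"""
from typing import Dict, Iterator, List, Tuple


def image_tag_status(image: str) -> str:
    """Classify an image reference.

    Returns one of: 'empty', 'digest', 'untagged', 'latest', 'pinned'.
    Reference shape: [registry[:port]/][namespace/]name[:tag][@algo:digest]
    Only the last path component can carry a tag, so a ':' before the last
    '/' (a registry port) is ignored.
    """
    ref = (image or "").strip()
    if not ref:
        return "empty"
    name = ref.rsplit("/", 1)[-1]  # drop registry/namespace components
    if "@" in name:
        return "digest"  # content-addressed, immutable reference
    if ":" not in name:
        return "untagged"  # runtime will default this to ':latest'
    tag = name.rsplit(":", 1)[1]
    return "latest" if tag == "latest" else "pinned"


VIOLATING = ("empty", "untagged", "latest")


def find_violations(pod: Dict) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (field, container name, image, status) for each rule violation.

    Both init containers and regular containers are checked, since either
    can pull an unpinned image.
    """
    spec = pod.get("spec", {})
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            image = container.get("image", "")
            status = image_tag_status(image)
            if status in VIOLATING:
                yield (field, container.get("name", "<unnamed>"), image, status)


# Constructed sample Pod: one init container and four app containers with a
# mix of compliant and non-compliant image references.
SAMPLE_POD: Dict = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "myapp"},
    "spec": {
        "initContainers": [
            # registry port, no tag -> untagged (the colon is not a tag)
            {"name": "migrate", "image": "registry.example.com:5000/myApp"},
        ],
        "containers": [
            {"name": "app", "image": "myApp:v1"},                    # pinned
            {"name": "sidecar", "image": "myApp:latest"},            # latest
            {"name": "agent", "image": "myApp@sha256:" + "0" * 64},  # digest
            {"name": "debug", "image": ""},                          # empty
        ],
    },
}


def violations_for_sample() -> List[Tuple[str, str, str, str]]:
    """Convenience wrapper so the sample result can be inspected or asserted."""
    return list(find_violations(SAMPLE_POD))


if __name__ == "__main__":
    for field, name, image, status in violations_for_sample():
        print(f"{field}/{name}: image={image!r} -> {status}")
```

Running the block reports the init container (untagged behind a registry port), the sidecar (':latest') and the blank debug image, while the digest-pinned and v1-tagged containers pass. Note that a version tag like v1 is still mutable in the registry; a digest is the only reference that cannot be silently repointed, so treat 'pinned' as the minimum this rule asks for rather than the strongest available control.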

Policy Details

Rule Reference ID: AC_K8S_0068
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks