Huh, the idea of manually downgrading the version number seems like a nice hack!

It does feel kind of unfortunate, however, that while containers themselves are immutable most of the time, the tags themselves will point to different images over time.

If you do want something like a rolling release model, where you always use ":latest" (or ":master" or ":trunk", or ":stable" or whatever), then it feels like you'd need to constantly pull the latest versions of the image, with something like shepherd for Swarm ( https://github.com/djmaze/shepherd ), watchtower for regular Docker ( https://github.com/containrrr/watchtower ) or whatever the Kubernetes alternative is.

The whole DB user thing feels unfortunate, however! Especially on systems, where you have a single "fat" DB instance which is shared amongst different pieces of software (with separate schemas for each), as opposed to a more distributed approach, where each DB instance is separate and used by only one application.

Personally i've come to use the latter approach and run all of my DBs as containers, with bind-mounted /var/lib/$DATA_DIRECTORY_FOR_DB_HERE directories, for easier data backups. Though i guess that's also in part because i want to cap the resources available to each instance and also because i don't trust any piece of software to let it impact others in a shared resource situation.