Use git (99% of the time)
For a production deployment or anywhere that needs tracking I would want it in git and pushed from there. The helm chart will also evolve over time with your app so this also means you get checkpoints of working app versions with the helm chart.
For development or snapshot environments that don't need to be reproduced, I sometimes might go with the less formal method of helm
pushing out new image tags as needed. More so if you have something like Jenkins or any job runner that tracks when and how things happen.
This is very dependent on the environment the app runs in. It can range from applications that require an audit trail all the way from a dev, through testing to production deployment where it has to be in git, over to the other end of the spectrum of throw stuff at production by hand (where you end up wanting it in git).
I understand that in order for Helm to know it has to re-deploy the pods (i.e. pull down the latest image) I have to change the the IMAGE_TAG
This isn't entirely correct, kubernetes will reschedule pods when the resource spec changes. You could change an annotation or label on the pod spec and pods would be replaced. Then imagePullPolicy: Always
can be set in the pod spec.
Still, don't use that to rely on :latest
. It will bite you one day.