Image pull policy is not set to Always
Description
A container's image pull policy is set with the imagePullPolicy field. The kubelet uses the imagePullPolicy together with the image tag when it attempts to pull the specified image. Setting imagePullPolicy to Always ensures the latest version of the image is deployed every time the pod is started. Avoid using the :latest tag when deploying containers in production, because it makes it harder to track which version of the image is running and more difficult to roll back correctly.
Code Example
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
    imagePullPolicy: Always  # line added by the remediation
```
Remediation
Kubernetes
Resource: Container
Argument: imagePullPolicy (Optional)
Defines when the kubelet should attempt to pull the specified image.
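The following added example (not Checkov's implementation and not part of the original page) audits a parsed manifest for containers whose effective pull policy is not Always. It assumes the Kubernetes defaulting rules for an omitted imagePullPolicy (Always for :latest or no tag, IfNotPresent for any other tag or a digest); the function names and the sample manifest are constructed for illustration.

```python
# Constructed sample: a Deployment as a parsed manifest; all names are placeholders.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "busybox"}],
        "containers": [
            {"name": "web", "image": "registry.example.com:5000/web:1.4.2"},
            {"name": "pinned", "image": "registry.example.com/app@sha256:<digest>"},
            {"name": "cache", "image": "registry.example.com/cache:7",
             "imagePullPolicy": "Never"},
            {"name": "proxy", "image": "registry.example.com/proxy:v1",
             "imagePullPolicy": "Always"},
        ],
    }}},
}


def effective_pull_policy(container):
    """Return the explicit policy, or the default Kubernetes applies when it is omitted."""
    explicit = container.get("imagePullPolicy")
    if explicit:
        return explicit
    image = container.get("image", "")
    if "@" in image:                      # digest-pinned image defaults to IfNotPresent
        return "IfNotPresent"
    last = image.rsplit("/", 1)[-1]       # skip a registry port such as host:5000/app
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return "Always" if tag == "latest" else "IfNotPresent"


def pod_spec(manifest):
    """Locate the pod spec in a Pod, a workload with spec.template, or a CronJob."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if "template" in spec:
        spec = spec["template"].get("spec", {})
    return spec


def find_violations(manifest):
    """List (container name, effective policy) for containers not pulling Always."""
    spec = pod_spec(manifest)
    return [(c.get("name"), effective_pull_policy(c))
            for key in ("initContainers", "containers")
            for c in spec.get(key) or []
            if effective_pull_policy(c) != "Always"]


if __name__ == "__main__":
    for name, policy in find_violations(SAMPLE):
        print(f"{name}: effective imagePullPolicy is {policy}, expected Always")
```

The untagged `init` container passes only because its implicit :latest tag makes the default policy Always, which is the combination the description advises against in production; pairing a fixed tag with an explicit imagePullPolicy: Always satisfies both recommendations.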
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1093 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes |
| Checkov ID | CKV_K8S_15 |