Image Pull Policy Of The Container Is Not Set To Always
- Query id: aa737abf-6b1d-4aba-95aa-5c160bd7f96e
- Query name: Image Pull Policy Of The Container Is Not Set To Always
- Platform: Terraform
- Severity: Low
- Category: Insecure Configurations
- URL: Github
Description¶
Image Pull Policy of the container must be defined and set to Always
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "kubernetes_pod" "busybox" {
metadata {
name = "busybox-tf"
}
spec {
container {
image = "busybox"
command = ["sleep", "3600"]
name = "busybox"
image_pull_policy = "IfNotPresent"
}
restart_policy = "Always"
}
}
Positive test num. 2 - tf file
resource "kubernetes_deployment" "example" {
metadata {
name = "terraform-example"
labels = {
test = "MyExampleApp"
}
}
spec {
replicas = 3
selector {
match_labels = {
test = "MyExampleApp"
}
}
template {
metadata {
labels = {
test = "MyExampleApp"
}
}
spec {
container {
image = "nginx:1.7.8"
name = "example"
image_pull_policy = "IfNotPresent"
resources {
limits = {
cpu = "0.5"
memory = "512Mi"
}
requests = {
cpu = "250m"
memory = "50Mi"
}
}
}
}
}
}
}