Image Pull Policy Of The Container Is Not Set To Always
- Query id: caa3479d-885d-4882-9aac-95e5e78ef5c2
- Query name: Image Pull Policy Of The Container Is Not Set To Always
- Platform: Kubernetes
- Severity: Low
- Category: Insecure Configurations
- CWE: 665
- URL: Github
Description¶
Image Pull Policy of the container must be defined and set to Always
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: private-image-test-always
spec:
containers:
- name: uses-private-image
image: $PRIVATE_IMAGE_NAME:1.2
imagePullPolicy: Never
command: [ "echo", "SUCCESS" ]
Positive test num. 2 - yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-with-image-pull-policy
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: library/nginx:1.20.0
imagePullPolicy: IfNotPresent
Positive test num. 3 - yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-with-image-pull-policy1
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: library/nginx:1.20.0