AlwaysPullImages

Jan 1, 0001

Definition

AlwaysPullImages is a Kubernetes admission controller that ensures the latest version of an image is pulled from the container registry every time a pod is started. This policy helps prevent the use of outdated or potentially vulnerable images that might be cached on a node, ensuring that the most current and secure version of an image is used.

Secure Settings Example

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
  - name: AlwaysPullImages

Insecure Settings Example

apiVersion: v1
kind: Pod
spec:
  containers:
    - name: myapp
      image: myregistry/myapp:latest
      imagePullPolicy: IfNotPresent

AlwaysPullImages

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter