Curated Base Image Mirror

Definition

A Curated Base Image Mirror is an internal registry (or a namespace within one) that hosts only container base images an organization has vetted and approved: each image is scanned for known vulnerabilities, checked against organizational security policy, and then published under a tag and content digest that builds are expected to pin. Build pipelines and cluster admission policies are pointed at the mirror instead of public registries, which gives every containerized application a consistent, reviewed foundation and reduces the risk of pulling in an untrusted, tampered, or outdated base image. Note that vetting is a point-in-time statement: an image that was clean when mirrored accumulates new CVEs as it ages, so a useful mirror rescans and rebuilds its images on a schedule and retires images that fall out of policy, rather than promising that its contents are permanently "free of vulnerabilities".

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - name: myapp
    # Image comes from the curated mirror and is pinned to a specific version.
    # 1.4.2 is a placeholder tag; in production pin by immutable digest
    # (image@sha256:<digest>) so the reference cannot silently change.
    image: myregistry.example.com/curated-base-images/secure-image:1.4.2
    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - name: myapp
    # Unvetted image from a public registry (Docker Hub's registry host is
    # docker.io), published by an unknown user, and referenced by the mutable
    # "latest" tag, so what gets pulled can change between deployments.
    image: docker.io/unknown-user/unverified-image:latest
    securityContext:
      runAsNonRoot: false          # container may run as UID 0
      readOnlyRootFilesystem: false  # a compromised process can modify its own filesystem
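The two examples above only help if something refuses to run the insecure one. The following is an added example, not code from the original page or from any particular admission controller: a Python policy check that parses each container's image reference the way Docker and containerd do (registry, repository, tag, digest), rejects images that are not under the page's curated mirror path or that are not pinned by digest, and requires the hardened securityContext fields. The registry name myregistry.example.com and the curated-base-images/ path are taken from the page's examples; the sha256 digest used for the secure sample is a constructed placeholder, and both sample manifests are constructed inline (already loaded as dicts, as yaml.safe_load would produce).

```python
"""Admission-style check: only digest-pinned images from the curated base-image
mirror, with a hardened securityContext.

Added example for this page, not code from the original. CURATED_REGISTRY and
CURATED_PATH_PREFIX come from the page's examples; PLACEHOLDER_DIGEST is a
constructed value, not a real image digest.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

CURATED_REGISTRY = "myregistry.example.com"   # from the page's secure example
CURATED_PATH_PREFIX = "curated-base-images/"  # from the page's secure example
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split an OCI image reference into registry, repository, tag and digest.

    Same rules as Docker/containerd: the first path component is a registry only
    if it contains '.' or ':' or is 'localhost'; otherwise the registry is the
    implicit docker.io, and a bare single name lives under library/.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    head, sep, rest = ref.partition("/")
    if sep and ("." in head or ":" in head or head == "localhost"):
        registry, remainder = head, rest
    else:
        registry, remainder = "docker.io", ref
        if "/" not in remainder:
            remainder = "library/" + remainder
    tag = None
    colon = remainder.rfind(":")
    if colon > remainder.rfind("/"):   # a ':' after the last '/' introduces the tag
        tag = remainder[colon + 1:]
        remainder = remainder[:colon]
    return ImageRef(registry, remainder, tag, digest)


def check_container(container: Dict) -> List[str]:
    """Return policy findings for one container; an empty list means compliant."""
    findings: List[str] = []
    img = parse_image_ref(container["image"])
    if img.registry != CURATED_REGISTRY or not img.repository.startswith(CURATED_PATH_PREFIX):
        findings.append(f"image {container['image']!r} is not from the curated mirror")
    if img.digest is None:
        if img.tag is None or img.tag == "latest":
            findings.append("image uses a floating tag (latest); pin by digest")
        else:
            findings.append(f"image pinned by tag {img.tag!r} only; tags are mutable, pin by digest")
    elif not DIGEST_RE.match(img.digest):
        findings.append(f"malformed digest {img.digest!r}")
    sc = container.get("securityContext") or {}
    if sc.get("runAsNonRoot") is not True:
        findings.append("securityContext.runAsNonRoot must be true")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("securityContext.readOnlyRootFilesystem must be true")
    return findings


def check_pod(pod: Dict) -> List[str]:
    """Check every container and initContainer; findings are prefixed with the container name."""
    spec = pod.get("spec", {})
    findings: List[str] = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(f"{c['name']}: {f}" for f in check_container(c))
    return findings


# Constructed sample manifests mirroring the page's two examples (not real deployments).
PLACEHOLDER_DIGEST = "sha256:" + "0123456789abcdef" * 4   # constructed placeholder, not a real digest

SECURE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "myapp"},
    "spec": {"containers": [{
        "name": "myapp",
        "image": f"myregistry.example.com/curated-base-images/secure-image@{PLACEHOLDER_DIGEST}",
        "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True},
    }]},
}

INSECURE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "myapp"},
    "spec": {"containers": [{
        "name": "myapp",
        "image": "docker.io/unknown-user/unverified-image:latest",
        "securityContext": {"runAsNonRoot": False, "readOnlyRootFilesystem": False},
    }]},
}

if __name__ == "__main__":
    for label, pod in (("secure", SECURE_POD), ("insecure", INSECURE_POD)):
        print(label, check_pod(pod) or ["compliant"])
```

Run against the insecure sample this yields four findings (wrong registry, floating tag, and both securityContext fields); against the secure sample it yields none. Feeding it the page's own secure example with the :latest tag still produces one finding, which is the reason the secure example should pin by version or, better, by digest: a curated mirror only guarantees what was vetted if consumers reference exactly that content. The same logic is what a Kyverno or OPA Gatekeeper policy would express declaratively in a real cluster.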