ImagePullPolicy / image pinning

Jan 1, 0001

Definition

ImagePullPolicy is a Kubernetes configuration setting that dictates when the kubelet should pull a container image from a registry. It can be set to “Always”, “IfNotPresent”, or “Never”. Image pinning refers to specifying an exact image version or digest to ensure consistency and prevent unexpected changes due to image updates.

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: secure-container
    image: myregistry/myimage@sha256:abc123def456
    imagePullPolicy: IfNotPresent

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: myregistry/myimage:latest
    imagePullPolicy: Always

ImagePullPolicy / image pinning

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter