Ensure image pull policy is set to Always

Error: Image pull policy is not set to Always

Bridgecrew Policy ID: BC_K8S_14
Checkov Check ID: CKV_K8S_15
Severity: LOW

Image pull policy is not set to Always

Description

The Image Pull Policy of a container is set using the imagePullPolicy. The imagePullPolicy and the tag of the image are triggered when the kubelet attempts to pull the specified image. When the imagePullPolicy is set to Always, you ensure the latest version of the image is deployed every time the pod is started. Avoid using the :latest tag when deploying containers in production, it is harder to track which version of the image is running and more difficult to roll back correctly.

Fix - Buildtime

Kubernetes

Resource: Container
Argument: imagePullPolicy (Optional)
Defines for the kubelet when he should attempt to pull the specified image.

apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
+   imagePullPolicy: Always