mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/samples/RequireImagePullPolicyAlways.md
Chip Zoller f5d48721e6
new samples around image practices (#1302)
2020-11-25 11:48:21 -08:00

923 B
Raw Blame History

Require imagePullPolicy is set to Always for images not using latest tags

By default, Kubernetes sets the imagePullPolicy for images which specify a tag to be IfNotPresent. In some cases, this may not be desired where the image could be rebuilt upstream. This sample policy ensures that all containers have their imagePullPolicy set to Always.

Policy YAML

imagepullpolicy-always.yaml

apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: imagepullpolicy-always
spec:
  validationFailureAction: audit
  background: false
  rules:
  - name: imagepullpolicy-always
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "The imagePullPolicy must be set to `Always` for all containers when a tag other than `latest` is used."  
      pattern:
        spec:
          containers:
          - imagePullPolicy: Always