Guides

Image Tag should not be blank

If you don't specify a tag, Kubernetes assumes you mean the tag :latest. You should avoid using the :latest tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly. Instead, specify a meaningful tag such as '1.42.0.'

Suggest Edits

Risk Level: Low
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.AC.04
Covered by Spectral: No
Category: Compute

GSL LOGIC

KubernetesPod should have spec.containers contain-all [ image like '%:%' ] and (spec.initContainers isEmpty() or spec.initContainers contain-all [ image like '%:%' ])

REMEDIATION

Pods

Pods are the smallest deployable units of computing that can be created and managed in Kubernetes.A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.

Compliance Frameworks

  • Container Admission Control
  • Container Admission Control 1.0

Updated about 1 year ago