Image Policies Advisor

A core Kubernetes feature is the ability to schedule container images across multiple nodes within your cluster. Container images are stored in a registry that Kubernetes pulls from. When running containers, Kubernetes lets you configure which images are pulled and when they are pulled.

Policies Included

Missing or Invalid Image Tag

Every image you want to use from your container registry requires an image tag. In some cases, organizations keep reusing the image tag latest. By default, if you don’t specify a tag in your manifests, Kubernetes will try to pull the image tagged latest. Unfortunately, the latest tag doesn’t necessarily reflect the latest version of your image. Misunderstanding this can cause undesired versions to be scheduled. It is recommended that you don’t use the latest tag in production.

This policy ensures that you specify an image tag and that the tag is not latest.

We have set this as a best practice because:

  • Kubernetes documentation recommends not using the latest tag in production
  • Depending on how you are building your containers, latest might not be the image you want
  • Rolling back or forward becomes difficult
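
The rule this policy describes can be sketched as follows. This is an added example, not Magalix's own implementation: the function names and the sample manifest are constructed for illustration, and treating a digest-pinned reference (image@sha256:...) as compliant is an assumption the page does not state.

```python
def image_tag(image):
    """Return the tag of an image reference, or None when it has none."""
    name = image.split("@", 1)[0]   # drop an optional @sha256:... digest
    last = name.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    _, _, tag = last.partition(":")
    return tag or None

def check_image(image):
    """Return a violation message for one image reference, or None if it complies."""
    if "@" in image:
        return None  # assumption: digest-pinned references count as compliant
    tag = image_tag(image)
    if tag is None:
        return "missing image tag"
    if tag == "latest":
        return "image tag is 'latest'"
    return None

def violations(manifest):
    """List (container name, image, reason) for every non-compliant container."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if manifest.get("kind") != "Pod":   # Deployment, Job, ... nest the pod spec
        spec = spec.get("template", {}).get("spec", {})
    found = []
    for field in ("initContainers", "containers"):
        for c in spec.get(field, []):
            reason = check_image(c.get("image", ""))
            if reason:
                found.append((c.get("name"), c.get("image"), reason))
    return found

# Constructed sample manifest (not from the page), already parsed into a dict.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "busybox"}],
        "containers": [
            {"name": "web", "image": "registry.example.com:5000/shop/web:1.4.2"},
            {"name": "cache", "image": "localhost:5000/redis"},
            {"name": "proxy", "image": "nginx:latest"},
        ],
    }}},
}

if __name__ == "__main__":
    for name, image, reason in violations(SAMPLE):
        print(f"{name}: {image}: {reason}")
```

The registry port in localhost:5000/redis is the case a naive split on ':' gets wrong: it would read 5000/redis as a tag and miss the violation.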

Connect Magalix to your clusters to check if their K8s objects violate or comply with this advisor's policies.