Control: StatefulSet containers has image pull policy set to Always
Description
This check ensures that each container in a StatefulSet has its image pull policy set to Always.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.statefulset_container_image_pull_policy_always
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run kubernetes_compliance.control.statefulset_container_image_pull_policy_always --share
SQL
This control uses a named query:
select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when c ->> 'image' is null or c ->> 'image' = '' then 'alarm'
    when c ->> 'imagePullPolicy' is null and (
      select (regexp_matches(c ->> 'image', '(?:[^\s\/]+\/)?([^\s:]+):?([^\s]*)'))[2]
    ) not in ('latest', '') then 'alarm'
    when c ->> 'imagePullPolicy' <> 'Always' then 'alarm'
    else 'ok'
  end as status,
  case
    when c ->> 'image' is null or c ->> 'image' = '' then c ->> 'name' || ' no image specified.'
    when c ->> 'imagePullPolicy' is null and (
      select (regexp_matches(c ->> 'image', '(?:[^\s\/]+\/)?([^\s:]+):?([^\s]*)'))[2]
    ) not in ('latest', '') then c ->> 'name' || ' image pull policy is not specified.'
    when c ->> 'imagePullPolicy' <> 'Always' then c ->> 'name' || ' image pull policy is not set to ''Always''.'
    else c ->> 'name' || ' image pull policy is set to ''Always''.'
  end as reason,
  name as stateful_set_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_stateful_set,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c;
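Added example, not part of the Powerpipe mod: the control's status rules applied to constructed container specs in plain PostgreSQL, so the effect of the tag check on an unset policy can be seen without a cluster or the Steampipe plugin. The container names, image references and the sample/parsed CTE names are made up for illustration.

```sql
-- Constructed container specs (not from a real cluster). Each row stands in
-- for one element of template -> 'spec' -> 'containers'.
with sample(c) as (
  values
    ('{"name": "pinned-always",       "image": "registry.example.com/db:1.4.2", "imagePullPolicy": "Always"}'::jsonb),
    ('{"name": "pinned-ifnotpresent", "image": "registry.example.com/db:1.4.2", "imagePullPolicy": "IfNotPresent"}'::jsonb),
    ('{"name": "pinned-unset",        "image": "registry.example.com/db:1.4.2"}'::jsonb),
    ('{"name": "latest-unset",        "image": "registry.example.com/db:latest"}'::jsonb),
    ('{"name": "untagged-unset",      "image": "registry.example.com/db"}'::jsonb),
    ('{"name": "latest-never",        "image": "registry.example.com/db:latest", "imagePullPolicy": "Never"}'::jsonb),
    ('{"name": "no-image",            "image": ""}'::jsonb)
),
parsed as (
  select
    c,
    -- Same regular expression as the control: capture group 2 is the tag,
    -- which is '' when the image reference carries no tag.
    (select (regexp_matches(c ->> 'image', '(?:[^\s\/]+\/)?([^\s:]+):?([^\s]*)'))[2]) as tag
  from sample
)
select
  c ->> 'name' as container,
  c ->> 'image' as image,
  coalesce(c ->> 'imagePullPolicy', '(unset)') as pull_policy,
  tag as tag_seen_by_query,
  case
    when c ->> 'image' is null or c ->> 'image' = '' then 'alarm'
    -- An unset policy is only tolerated for ':latest' or untagged images,
    -- the cases where Kubernetes itself defaults the policy to Always.
    when c ->> 'imagePullPolicy' is null and tag not in ('latest', '') then 'alarm'
    -- Any explicit value other than Always fails, including on ':latest'.
    when c ->> 'imagePullPolicy' <> 'Always' then 'alarm'
    else 'ok'
  end as status
from parsed
order by container;
```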