rspec/rules/S6596/kubernetes/rule.adoc

:image_type: container

include::../common/description.adoc[]

== How to fix it in Helm

include::../common/how-to-fix.adoc[]

=== Code examples

==== Noncompliant code example
[source,text,diff-id=1,diff-type=noncompliant]
----
apiVersion: v1
kind: Pod
metadata:
  name: example
spec:
  containers:
    - name: nginx
      image: nginx # Noncompliant

    - name: nginx
      image: nginx:latest # Noncompliant
----

==== Compliant solution

[source,text,diff-id=1,diff-type=compliant]
----
apiVersion: v1
kind: Pod
metadata:
  name: example
spec:
  containers:
    - name: nginx
      image: nginx:1.14.2 # Compliant, fixed tag

    - name: nginx
      image: nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661 # Compliant, SHA of the image
----

include::../common/how-does-this-work.adoc[]

include::../common/extra-mile.adoc[]

== Resources
=== Documentation

* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images]
* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images]
* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)]

include::../common/implementation-specific.adoc[]