Skip to content

C 0253

← Back to all controls

DevOpsBest

Severity

Medium

Description of the the issue

Kubernetes team has deprecated GCR (k8s.gcr.io) registry and recommends pulling Kubernetes components from the new registry (registry.k8s.io). This is mandatory from 1.27

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Checking images in kube-system namespace, if the registry of the image is from the old registry we raise an alert.

Remediation

Change the images to be pulled from the new registry (registry.k8s.io).

Example

@controls/examples/c239.yaml