Ensure Containers Are Immutable

Ensure containers are immutable.

Policy Details

Policy Subtype: Build
Severity: Medium
Template Type: Kubernetes

Build Rules

Ensure containers are immutable.
JSON Query:
$.spec.template.spec.containers[*].securityContext.readOnlyRootFilesystem exists and $.spec.template.spec.containers[*].securityContext.readOnlyRootFilesystem any false
Recommendation:
It is recommended that containers are immutable. Make sure "readOnlyRootFilesystem" is set to true in the securityContext of each container.
For example:
"spec": {
  "containers": [
    {
      "name": "friendly-container",
      "image": "alpine:3.4",
      "command": [ "/bin/echo", "hello", "world" ],
      "securityContext": {
        "readOnlyRootFilesystem": true
      }
    }
  ]
}
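
An added example (not part of the original policy page or the vendor's code): a Python check that mirrors the build rule over a Deployment manifest and also reports containers where the field is left unset, which the query as written does not match even though Kubernetes treats an unset readOnlyRootFilesystem as false. The sample manifest and function names are constructed for illustration, and the query semantics (field present and at least one value false) are an assumption.

```python
import json

# Constructed sample Deployment (not from the page): one compliant container,
# one with the flag set to false, one with the flag left unset.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "demo"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "ok", "image": "alpine:3.4",
    "securityContext": {"readOnlyRootFilesystem": true}},
   {"name": "writable", "image": "alpine:3.4",
    "securityContext": {"readOnlyRootFilesystem": false}},
   {"name": "unset", "image": "alpine:3.4"}
 ]}}}}
""")
FLAG = "readOnlyRootFilesystem"


def containers(manifest):
    """Return the list at $.spec.template.spec.containers, or [] if absent."""
    node = manifest
    for key in ("spec", "template", "spec", "containers"):
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, list) else []


def classify(manifest):
    """Map container name -> 'read-only', 'explicit-false' or 'unset'."""
    result = {}
    for c in containers(manifest):
        # A missing securityContext, a missing flag and a null flag all
        # leave the Kubernetes default (false) in effect.
        value = (c.get("securityContext") or {}).get(FLAG)
        state = ("read-only" if value is True
                 else "explicit-false" if value is False else "unset")
        result[c.get("name", "?")] = state
    return result


def query_matches(manifest):
    """Mirror the build rule (assumed semantics): flag present and some value false."""
    return "explicit-false" in classify(manifest).values()


def strict_findings(manifest):
    """Stricter check: report every container not explicitly set to true."""
    return sorted(n for n, s in classify(manifest).items() if s != "read-only")


if __name__ == "__main__":
    print(query_matches(SAMPLE), strict_findings(SAMPLE))
```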
