C-0253 - Deprecated Kubernetes image registry

Framework

DevOpsBest

Severity

Medium

Description of the the issue

Kubernetes team has deprecated GCR (k8s.gcr.io) registry and recommends pulling Kubernetes components from the new registry (registry.k8s.io). This is mandatory from 1.27

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Checking images in kube-system namespace, if the registry of the image is from the old registry we raise an alert.

Remediation

Change the images to be pulled from the new registry (registry.k8s.io).

Example

@controls/examples/c239.yaml