Ensures that images are always pulled from the registry even if they are already present on the node.
The following quote describes the effect of setting
imagePullPolicy: Always in detail:
Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet downloads (pulls) the image with the resolved digest, and uses that image to launch the container.
- name: nginx
- containerPort: 80
+ imagePullPolicy: Always
securitytower.io/policy.exclusion.enforceimagepullpolicyalwaysas on the example below.
apiVersion: apps/v1 kind: Deployment metadata: name: your-deployment annotations: securitytower.io/policy.exclusion.enforceimagepullpolicyalways: |- These containers can safely run with pre-pulled images. ...