Best practices

K8S API server configuration without AlwaysPullImages admissions control plugin


It was found that the API server configuration admission control plugins parameter does not include 'AlwaysPullImages'. An admission controller is a code which being executed after the request authentication and authorization in order to validate it or change it. This admission controller forces any new pod to pull its image it won't be able to execute images that it doesn't have permissions to pull.