Control: 7.1.5 Ensure IBM Cloud Kubernetes Service cluster has image pull secrets enabled
Image pull secrets are credentials that authorize your cluster to pull images from a private image registry. IBM Cloud Kubernetes Service integrates with IBM Cloud Container Registry and provides pull secrets for IBM Cloud Container Registry in the default Kubernetes namespace.
- Log in to the IBM Cloud console at https://cloud.ibm.com/.
- To view a list of your resources, go to Menu > Resource List.
- From your IBM Cloud resource list, select your cluster.
- From the Overview tab, for Image pull secrets, click Enable.
- In the modal, click Enable to confirm.
From Command Line:
- Run the following command to create a service ID for the cluster and assign the service ID an IAM Reader service role for IBM Cloud Container Registry. The command also creates an API key to impersonate the service ID credentials and stores the API key in a Kubernetes image pull secret in the default namespace of the cluster.
ibmcloud ks cluster pull-secret apply --cluster <cluster_name_or_ID>
Run the control in your terminal:
steampipe check ibm_compliance.control.cis_v100_7_1_5
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share ibm_compliance.control.cis_v100_7_1_5
This control uses a named query:manual_control