Kubernetes, DevOps, ~30 mins

Image security scanning in Kubernetes - Mini Project: Build & Apply

Image Security Scanning in Kubernetes
📖 Scenario: You work in a team that deploys applications on Kubernetes. Your team wants to make sure container images are safe before running them. You will create a simple Kubernetes manifest and add a security scan annotation to it.
🎯 Goal: Build a Kubernetes Pod manifest with a container image and add an annotation to enable image security scanning.
📋 What You'll Learn
Create a Kubernetes Pod manifest named pod.yaml
Use the container image nginx:1.21
Add an annotation security.scan/enabled: "true" under metadata.annotations
Print the final manifest content
💡 Why This Matters
🌍 Real World
Teams use image security scanning annotations to integrate automated security tools that check container images before deployment. This helps prevent vulnerabilities from reaching production.
💼 Career
Knowing how to add security scanning annotations and labels in Kubernetes manifests is a key skill for DevOps engineers and site reliability engineers to maintain secure and reliable applications.
1. Create the basic Pod manifest
Create a Kubernetes Pod manifest named pod.yaml with apiVersion: v1, kind: Pod, and metadata.name set to secure-nginx. Under spec.containers, add one container with name: nginx and image: nginx:1.21.
Hint: Start with the basic structure of a Pod manifest. Use apiVersion: v1 and kind: Pod. Add metadata with the name secure-nginx. Then add one container with the specified image.

2. Add security scan annotation
Add an annotation security.scan/enabled: "true" under metadata.annotations in the Pod manifest.
Hint: Annotations go under metadata. Use indentation carefully. Add the key security.scan/enabled with the value "true".

3. Add a label for environment
Add a label environment: production under metadata.labels in the Pod manifest.
Hint: Labels are siblings to annotations under metadata. Add labels: and then the key-value pair environment: production.

4. Print the final Pod manifest
Print the entire Pod manifest content exactly as it is, including the annotations and labels.
Hint: Use a multi-line string variable to hold the manifest and print it exactly.
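
The four steps combined, as an added example that is not part of the original exercise: a shell script that writes the manifest, checks the required lines, and prints it only if the check passes. The function names and the temp directory are assumptions. Kubernetes itself does not act on the security.scan/enabled annotation, so a scanner or admission controller has to be configured to read it.

```shell
#!/bin/sh
# Added example: build pod.yaml from the four steps and check it before use.

# Steps 1-3: write the manifest. The quoted heredoc delimiter ('EOF') keeps
# the shell from expanding anything inside the YAML.
write_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: secure-nginx
  labels:
    environment: production
  annotations:
    security.scan/enabled: "true"
spec:
  containers:
    - name: nginx
      image: nginx:1.21
EOF
}

# Line-based check (a sketch, not a YAML parser): every line the exercise
# requires must be present exactly, including the quotes around "true".
# Annotation values must be strings; an unquoted true is a YAML boolean,
# which Kubernetes rejects for an annotation.
check_manifest() {
  for want in \
    'apiVersion: v1' 'kind: Pod' '  name: secure-nginx' \
    '    environment: production' \
    '    security.scan/enabled: "true"' \
    '      image: nginx:1.21'
  do
    grep -qxF -- "$want" "$1" || { echo "missing: $want" >&2; return 1; }
  done
}

# Step 4: print the manifest exactly as written, but only if it passes.
# (The demo file lives in a temp directory; the exercise names it pod.yaml.)
demo_dir=$(mktemp -d)
write_manifest "$demo_dir/pod.yaml"
check_manifest "$demo_dir/pod.yaml" && cat "$demo_dir/pod.yaml"
```

On a machine with cluster tooling installed, `kubectl apply --dry-run=client -f pod.yaml` validates the same file against the Pod schema without creating anything.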