From 0ec42426b63644680a564f904ee79c05a402efe0 Mon Sep 17 00:00:00 2001 From: ColinM-sys Date: Thu, 16 Apr 2026 17:41:17 -0400 Subject: [PATCH] fix(k8s): pin container images by sha256 digest (#1436) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #1436. The K8s manifest referenced three images by mutable tags: docker:24-dind, node:22, and busybox. Tag references can be overwritten at the registry — a compromised registry or tag overwrite would inject malicious code into the pod. Pin each image to a sha256 digest to prevent supply-chain attacks via tag manipulation. Digests captured from Docker Hub at commit time; the human-readable tag is preserved in a comment so maintainers can refresh the digest when bumping versions. This matches the pattern already used in the root Dockerfile (node:22-slim@sha256:4f77a6...) and Dockerfile.base. Signed-off-by: ColinM-sys --- k8s/nemoclaw-k8s.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/k8s/nemoclaw-k8s.yaml b/k8s/nemoclaw-k8s.yaml index 53fe59ac5c..b3bbebcf92 100644 --- a/k8s/nemoclaw-k8s.yaml +++ b/k8s/nemoclaw-k8s.yaml @@ -14,7 +14,9 @@ spec: containers: # Docker daemon (DinD) - name: dind - image: docker:24-dind + # Pinned by digest to prevent supply-chain attacks via mutable tag references. + # Tag: docker:24-dind (update digest when bumping the tag). + image: docker:24-dind@sha256:9b17a9f25adf17b88d0a013b4f00160754adf4b07ccbe9986664a49886c2c98e securityContext: privileged: true env: @@ -35,7 +37,9 @@ spec: # Workspace - runs official NemoClaw installer - name: workspace - image: node:22 + # Pinned by digest to prevent supply-chain attacks via mutable tag references. + # Tag: node:22 (update digest when bumping the tag). + image: node:22@sha256:ecabd1cb6956d7acfffe8af6bbfbe2df42362269fd28c227f36367213d0bb777 securityContext: allowPrivilegeEscalation: false capabilities: 
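Review bot: The added comment on the dind image, `# Tag: docker:24-dind (update digest when bumping the tag).`, tells maintainers to refresh the digest only on a tag bump. `docker:24-dind` is a floating tag that can be rebuilt under the same name, so once pinned the pod also stops receiving those rebuilds. This container runs with `privileged: true` (visible in the context lines), which makes a stale image more costly here than elsewhere. I would reword the comment to `# Tag: docker:24-dind (floating tag; re-resolve and refresh the digest on a schedule, not only on tag bumps).` and use the same wording in the `node:22` hunk. The dind container spec continues past the end of the hunk.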
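Review bot: Nothing on the page shows whether the `node:22@sha256:ecabd1cb…` digest is the multi-platform index digest or a single-platform manifest digest; the description only says the digests were captured from Docker Hub at commit time. If it is a single-platform digest, nodes of another architecture would fail to pull the image, and the same question applies to the dind and busybox digests. I would record how each digest was resolved next to the pin, for example `# Digest: manifest-list digest of node:22, resolved with docker buildx imagetools inspect node:22`. The workspace container spec continues outside the hunk.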
@@ -128,7 +132,9 @@ spec:
 initContainers:
 # Configure Docker daemon for cgroup v2
 - name: init-docker-config
- image: busybox
+ # Pinned by digest to prevent supply-chain attacks via mutable tag references.
+ # Tag: busybox:latest (update digest when pinning to a different tag).
+ image: busybox@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
 command: ["sh", "-c", "echo '{\"default-cgroupns-mode\":\"host\"}' > /etc/docker/daemon.json"]
 volumeMounts:
 - name: docker-config
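Review bot: The busybox reference drops the tag entirely (`busybox@sha256:…`), unlike the dind and node pins, and the comment records the source tag as `busybox:latest`, so nothing in the manifest tells a reader which busybox release this digest corresponds to. I would pin to an explicit version tag together with its digest, `image: busybox:<VERSION>@sha256:<DIGEST_OF_THAT_VERSION>` (placeholders, to be filled from the registry), and change the comment to `# Tag: busybox:<VERSION> (refresh digest when bumping the tag).` so it matches the other two images. The init container spec continues outside the hunk.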