-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tighten permissions (security best practices) #451
Comments
If I'm not completely wrong (maybe someone can confirm) it is not possible to run a container with |
You are correct on point 1, you can not have On the other question I was actually struggling to find out what exactly Did you think about using a base image without a shell? Since this is a go application distroless image would fit perfectly, and it would lessen the attack surface. |
With the privileged flag set, the container-runtime grants all root-privileges to the container (that's more than running only as a root-user). /cc @dholbach |
What time, and time zone, are we talking about for that meeting? Should I close this issue and open a new one with correct description? |
September 27th, 16:00 UTC (via Zoom). You can also join our slack #kured channel at https://slack.weave.works/ Just leave the this issue as it is and discuss about it. |
I'll try to be there, but if I'm unable please discuss about this issue. Security is twice as important when you have an app that needs to run privileged and no shell inside the container really cuts down all the attack vectors other than supply chain poisoning (kured image itself being compromised). |
@ckotzbauer Sadly I won't be joining you tonight as I have different commitments, but please discuss this issue. |
TODO: identify the right upstream SIG to consult with on this |
Hi! We're also in the process of reviewing our security and are running into an issue related to this. Azure Advisor is recommending to not run containers as root and while looking into this we noticed that it doesn't seem possible to change the securitycontext settings and from what I read here it also would break Kured. Is there any update on this? |
This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days). |
See also #416 which proposes some ways to reboot without using a privileged pod. |
I've been going through security review of our Kubernetes infrastructure, using kubescape specifically, and there are couple of valid findings that I think can be fixed. It's clear why we need
hostPID: true
andprivileged: true
, and why we're running the container as root, but a few others are left as Kubernetes defaults and are too lax.I'm not 100% sure how exactly Kured operates, but to me it looks like all it does is call
/bin/systemctl reboot
by accessing host's mount namespace directly. Thus I suspect that this DaemonSet would work equally as well, while being much tighter on security.Thoughts?
The text was updated successfully, but these errors were encountered: