Pods and containers should apply a security context Affecting Kubernetes (Container) Engine service in Kubernetes

Severity Framework Snyk CCSS

Rule category Containers / Best Practices

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Kubernetes

Snyk ID SNYK-CC-00659
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

A security context controls a variety of settings for access control, Linux capabilities, and privileges. The security context may be set at the pod or the container level. Reference the Kubernetes documentation for specific recommendations for each setting.

How to fix?

Ensure a securityContext is specified at the pod or container level.

Example Configuration

apiVersion: v1
kind: Pod
metadata:
  name: valid2
spec:
  containers:
    - name: mycontainer
      image: redis
      securityContext:
        readOnlyRootFilesystem: true
        runAsGroup: 0
        runAsUser: 0

Pods and containers should apply a security context Affecting Kubernetes (Container) Engine service in Kubernetes

Description

How to fix?

Example Configuration

Kubernetes

Terraform

References