Container is running with custom hosts file configuration Affecting Deployment service in Kubernetes
Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Network/ Best Practices
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
- Snyk IDSNYK-CC-00616
- creditSnyk Research Team
Description
HostAliases is set with custom mapping they might cause unexpected network connectivity issues.
How to fix?
Remove hostAliases attribute.
Remove hostAliases attribute in kubernetes_pod and kubernetes_job spec.
Example configuration
resource "kubernetes_pod" "allowed1" {
metadata {
name = "example-616a1"
}
spec {
container {
image = "nginx:1.21.6"
name = "example"
env {
name = "environment"
value = "test"
}
port {
container_port = 8080
}
}
dns_config {
nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
searches = ["example.com"]
}
dns_policy = "None"
}
}
resource "kubernetes_job" "allowed2" {
metadata {
name = "example-616a2"
}
spec {
template {
metadata {}
spec {
container {
name = "pi"
image = "perl"
command = ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
}
restart_policy = "Never"
}
}
backoff_limit = 4
}
wait_for_completion = false
}