secrets-store-csi-driver-provider-azure

SecurityContext configurable

Open arevell89 opened this issue 3 years ago • 1 comments

Running root pods in Azure causes a high security alert in Azure monitors. Is it possible to configure the securityContext so we can run unprivileged pods?

https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml#L73

arevell89, Apr 12 '22 10:04

> Running root pods in Azure causes a high security alert in Azure monitors. Is it possible to configure the securityContext so we can run unprivileged pods?

@arevell89 The provider pods need to create and bind a unix socket on the host. It needs to run as root to be able to perform this. For this reason, it is recommended to install the driver and provider in the kube-system namespace. Please refer to "Why `kube-system`" in the installation guide.

aramase, Apr 12 '22 14:04

Closing this as privileged is required for the provider pods. Feel free to reopen if there is a feature request or if you have any further questions.

aramase, Aug 30 '22 20:08