radix-platform Add exception: Container with privilege escalation should be avoided [Medium]

Add exception: Container with privilege escalation should be avoided [Medium]

Open emirgens opened this issue 1 year ago • 2 comments

Containers shouldn't run with privilege escalation to root in your Kubernetes cluster. The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process.

Add exception for these:

[ ] monitor/kube-prometheus-stack-prometheus-node-exporter-
[ ] ingress-nginx/ingress-nginx-controller-
[ ] monitor/grafana-
[ ] velero/velero-

Prometheus references https://arthursens.medium.com/risk-analysis-and-security-compliance-in-kube-prometheus-10c8cfb180b8 https://github.com/prometheus-operator/kube-prometheus/pull/1593 https://github.com/prometheus-operator/kube-prometheus/issues/1588

Dec 06 '23 14:12 emirgens

radix-platform radix-platform copied to clipboard

Add exception: Container with privilege escalation should be avoided [Medium]

radix-platform
radix-platform copied to clipboard