Pods and containers should apply a security context
Description
A security context controls a variety of settings for access control, Linux capabilities, and privileges. The security context may be set at the pod or the container level. Refer to the Kubernetes documentation for the recommended value of each setting.
Remediation Steps
Kubernetes Manifest (YAML)
Ensure that a Kubernetes.Pod has a securityContext object set at the pod spec or containers level.
Example Configuration
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  securityContext:
    runAsUser: 1001
  containers:
  - name: hello
    image: busybox
    command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
    securityContext:
      capabilities:
        drop: ["ALL"]
  # other required fields here
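As an added illustration (not part of the original policy page or any policy engine), the following Python check applies this rule to a parsed manifest and reports where a securityContext is missing. It goes beyond the page's bare-Pod case by also locating the PodSpec inside template-bearing workloads (Deployment-style and CronJob); the sample manifests are constructed here.

```python
from typing import Any, Dict, List

# Constructed sample manifests (assumption: not taken from the original page).
POD_OK: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hello"},
    "spec": {
        "securityContext": {"runAsUser": 1001},
        "containers": [{"name": "hello", "image": "busybox",
                        "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
    },
}
POD_MISSING: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {"containers": [{"name": "app", "image": "busybox"}]},
}
DEPLOYMENT_POD_LEVEL: Dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "web", "image": "nginx"}],
    }}},
}

def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Locate the PodSpec: directly on a Pod, under jobTemplate for a CronJob,
    or under spec.template for other template-bearing workloads (Deployment, Job)."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def missing_security_context(manifest: Dict[str, Any]) -> List[str]:
    """List where securityContext is absent: 'pod' for the pod level and
    '<field>:<name>' per container. An empty securityContext {} counts as absent."""
    spec = pod_spec(manifest)
    gaps = ["pod"] if not spec.get("securityContext") else []
    for field in ("initContainers", "containers"):
        gaps += [f"{field}:{c.get('name', '?')}" for c in spec.get(field) or []
                 if not c.get("securityContext")]
    return gaps

def passes_policy(manifest: Dict[str, Any]) -> bool:
    """The page's rule: a securityContext at the pod level, or on every container."""
    gaps = missing_security_context(manifest)
    return "pod" not in gaps or len(gaps) == 1  # only the pod level is missing
```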