Pods and containers should apply a security context

Description

A security context controls a variety of settings for access control, Linux capabilities, and privileges (for example, the user a process runs as, and which capabilities are dropped). The security context may be set at the pod level or at the container level. Refer to the Kubernetes documentation for specific recommendations for each setting.

Remediation Steps

Kubernetes Manifest (YAML)

Ensure that a Kubernetes.Pod has a securityContext object set at the pod spec level or on every container in the pod.

Example Configuration

apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  securityContext:
    runAsUser: 1001
  containers:
    - name: hello
      image: busybox
      command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
      securityContext:
        capabilities:
          drop: ["ALL"]
# other required fields here
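The following is an added example, not part of the original rule page or of Kubernetes itself: a small Python check that evaluates the rule above against a parsed Pod manifest. The compliant input is the page's example Pod written as an already-parsed dict (so no YAML library is required); the non-compliant Pod and the empty-context case are constructed for illustration. It goes slightly beyond the page's wording by also inspecting initContainers and by treating an empty securityContext mapping as not set.

```python
"""Check whether a Kubernetes Pod manifest applies a security context.

Added example; not code from the original page. The manifests below are
plain dicts, i.e. what a YAML parser would return for the manifests.
"""

# The page's example Pod, in parsed form (equivalent to the YAML above).
COMPLIANT_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "hello"},
    "spec": {
        "securityContext": {"runAsUser": 1001},
        "containers": [
            {
                "name": "hello",
                "image": "busybox",
                "command": ["sh", "-c", 'echo "Hello, Kubernetes!" && sleep 3600'],
                "securityContext": {"capabilities": {"drop": ["ALL"]}},
            }
        ],
    },
}

# Constructed non-compliant Pod: no pod-level securityContext, and only
# one of the two containers sets its own.
NONCOMPLIANT_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "no-context"},
    "spec": {
        "containers": [
            {"name": "web", "image": "nginx"},
            {
                "name": "sidecar",
                "image": "busybox",
                "securityContext": {"runAsNonRoot": True},
            },
        ]
    },
}


def _has_context(obj):
    """True when obj carries a non-empty securityContext mapping.

    An empty `securityContext: {}` is treated as not set, since it
    configures nothing (a stricter reading than the rule's literal text).
    """
    ctx = obj.get("securityContext")
    return isinstance(ctx, dict) and len(ctx) > 0


def check_pod_security_context(manifest):
    """Evaluate the rule against a parsed Pod manifest.

    Returns (compliant, missing). `missing` lists the names of containers
    that have no securityContext of their own when the pod spec has none
    either. Regular containers and initContainers are both checked; the
    initContainers check is an extension beyond the page's wording.
    """
    spec = manifest.get("spec", {})
    if _has_context(spec):
        return True, []  # a pod-level context applies to every container
    missing = [
        c.get("name", "<unnamed>")
        for key in ("containers", "initContainers")
        for c in spec.get(key, [])
        if not _has_context(c)
    ]
    return len(missing) == 0, missing


if __name__ == "__main__":
    for pod in (COMPLIANT_POD, NONCOMPLIANT_POD):
        ok, missing = check_pod_security_context(pod)
        name = pod["metadata"]["name"]
        status = "PASS" if ok else "FAIL (no securityContext on: %s)" % ", ".join(missing)
        print("%s: %s" % (name, status))
```

Running the block prints `hello: PASS` and `no-context: FAIL (no securityContext on: web)`. Reporting the container names rather than a bare pass/fail is what makes the result actionable when the rule is wired into a CI or admission-time check.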