
Azure Kubernetes Cluster Security

I found some findings related to Azure Kubernetes Cluster in the Azure Security Center Recommendations.

Immutable (read-only) root filesystem should be enforced for containers.
Services should listen on allowed ports only.
Containers should listen on allowed ports only.
Running containers as root user should be avoided.
Container with privilege escalation should be avoided.
Container CPU and memory limits should be enforced.

If anybody has an idea how to remediate these issues let me know.

These are all due to limitations of Azure Security Center policies and how they identify the vulnerabilities. For example, ASC will only check the security context of the pod template to understand whether it is running with the root user or not. Even if your container is running with a non-root user, it will still show up in the affected pod list if the property is not set on the pod spec, even though your image has already set a non-root user. The same limitations apply to the other alerts you mentioned.

So we have options like disabling the alerts which are not relevant to the cluster, or, as recommended in the remediation steps, just adding the properties to remediate, even though that doesn't make much sense.
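As an added example (not from the question or the answer above, and not Azure's own policy code), here is a small template-level checker in the spirit the answer describes: it only reads the pod template, so a non-root USER baked into the image is invisible to it and only explicit securityContext properties clear the finding. The allowed port set, the field names treated as "set", and the two pod specs are constructed assumptions; the Service-port recommendation is not covered since it applies to Service objects, not pods.

```python
"""Pod-template checks modelled on the ASC recommendations quoted above.
Constructed example: port list, pod specs and exact field logic are
assumptions, not Azure Security Center's real policy implementation."""
from typing import List

ALLOWED_PORTS = {8080, 8443}  # assumption: ports your policy permits


def audit_pod(pod: dict) -> List[str]:
    """Return the recommendations a pod template violates.
    Like ASC, this inspects only the template: anything set inside the
    image (e.g. a non-root USER) cannot be seen here."""
    findings = []
    pod_sc = pod.get("spec", {}).get("securityContext", {})
    for c in pod["spec"].get("containers", []):
        sc = c.get("securityContext", {})
        name = c.get("name", "<unnamed>")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: immutable root filesystem not enforced")
        # runAsNonRoot may be inherited from the pod-level securityContext
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: running as root not prevented")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is True
            findings.append(f"{name}: privilege escalation not disabled")
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append(f"{name}: CPU/memory limits not enforced")
        for p in c.get("ports", []):
            if p.get("containerPort") not in ALLOWED_PORTS:
                findings.append(f"{name}: port {p.get('containerPort')} not allowed")
    return findings


# Constructed sample: the image may set a non-root USER, but the template
# says nothing about it, so every recommendation fires.
UNREMEDIATED = {"spec": {"containers": [{"name": "web", "image": "example/web",
                                         "ports": [{"containerPort": 80}]}]}}

# Same workload with the properties the recommendations look for set explicitly.
REMEDIATED = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "web", "image": "example/web",
                    "ports": [{"containerPort": 8080}],
                    "securityContext": {"readOnlyRootFilesystem": True,
                                        "allowPrivilegeEscalation": False},
                    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}

if __name__ == "__main__":
    for label, pod in (("before", UNREMEDIATED), ("after", REMEDIATED)):
        print(label, audit_pod(pod) or ["clean"])
```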
