From 0658fe2f8a0019e86f3b2527d1d688860ab965fd Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge
Date: Mon, 21 Oct 2024 12:54:45 +0000
Subject: [PATCH] set securityContext.runAsNonRoot value to true Reported by SAST tool: Sigma main event: The Kubernetes container is allowed to run as the root user. This may allow attackers to gain the root privileges of the host when the container is compromised. remediation: Explicitly set the 'securityContext.runAsNonRoot' value to 'true' to prevent the container from running as a root-level user. JIRA: OSPRH-9907
---
 config/default/manager_auth_proxy_patch.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index cec149a0..5087ec2b 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -12,6 +12,7 @@ spec:
 - name: kube-rbac-proxy
 securityContext:
 allowPrivilegeEscalation: false
+ runAsNonRoot: true
 capabilities:
 drop:
 - "ALL"
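Review bot: `runAsNonRoot: true` on the kube-rbac-proxy container is only a start-time check by the kubelet. It does not select a user, and the container is refused if the image would run as UID 0, or if the image declares a non-numeric USER and no `runAsUser` is set. Before merging, confirm that the proxy image ships a numeric non-root USER or that the platform assigns the UID (as OpenShift SCCs do); otherwise this line turns the SAST finding into a container that fails to start. The hunk covers only this one container, so the manager container and the pod-level `securityContext` are not visible here; if they lack the setting, the same finding presumably still applies to them. A comment above the new line, such as `# kubelet refuses to start the container if it would run as UID 0`, would record the intent.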