Is your feature request related to a problem? Please describe.
To improve the security of the node, User Namespaces functionality: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/ could be implemented in AKS. It would reduce the risk of containerd running container processes as root on the node even if the root user is used in the container image. It is also worth considering running containerd rootless on nodes: https://github.com/containerd/containerd/blob/main/docs/rootless.md

Describe the solution you'd like
Azure Defender for Cloud recommends running containers as a non-root user.
In many cases it is not possible to change the user in the container image/runtime.
For node security, processes for containers should not be run as root on the node regardless of what user is used in the container.

Describe alternatives you've considered
N/A

Additional context
N/A
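
An added example, not part of the original issue and not AKS or containerd code: a Python check that parses a container process's `/proc/<pid>/uid_map` on the node and reports which node UID the container's root user maps to. The two sample maps and the UID range in them are constructed for illustration, and the function names are hypothetical.

```python
"""Check which node UID a container UID maps to, using /proc/<pid>/uid_map."""
from typing import List, Optional, Tuple

# Constructed samples of /proc/<pid>/uid_map content (not captured from a real node).
# Columns: first UID inside the namespace, first UID on the node, length of the range.
HOST_USERNS_MAP = "         0          0 4294967295\n"    # pod shares the node's user namespace
POD_USERNS_MAP = "         0 1879048192      65536\n"     # pod runs in its own user namespace


def parse_uid_map(text: str) -> List[Tuple[int, int, int]]:
    """Return (inside_start, node_start, length) for every mapping line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        entries.append((inside, outside, length))
    return entries


def node_uid(uid_map_text: str, container_uid: int) -> Optional[int]:
    """Translate a UID seen inside the container to the UID the node kernel uses."""
    for inside, outside, length in parse_uid_map(uid_map_text):
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None  # UID has no mapping in this namespace


def container_root_is_node_root(uid_map_text: str) -> bool:
    """True when UID 0 in the container is also UID 0 on the node."""
    return node_uid(uid_map_text, 0) == 0


def read_uid_map(pid: int) -> str:
    """Read the live map for a process; run on the node itself."""
    with open(f"/proc/{pid}/uid_map") as fh:
        return fh.read()


if __name__ == "__main__":
    for name, sample in (("host userns", HOST_USERNS_MAP), ("pod userns", POD_USERNS_MAP)):
        print(f"{name}: container root -> node uid {node_uid(sample, 0)}, "
              f"node root: {container_root_is_node_root(sample)}")
```

On a node, pass the PID of a container's main process to `read_uid_map` and feed the result to `container_root_is_node_root`.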