Shopify / kubeaudit

kubeaudit helps you audit your Kubernetes clusters against common security controls
MIT License

False positive 'CapabilityOrSecurityContextMissing' #572

Open alice-vsk opened 10 months ago

alice-vsk commented 10 months ago
ISSUE TYPE

BUG REPORT

SUMMARY

We defined securityContext for containers in our deployments, but Kubeaudit still returns an error 'CapabilityOrSecurityContextMissing. Message: Security Context not set'.

ENVIRONMENT
STEPS TO REPRODUCE

Run kubeaudit all

EXPECTED RESULTS

No 'CapabilityOrSecurityContextMissing. Message: Security Context not set' error.

ACTUAL RESULTS
[error] CapabilityOrSecurityContextMissing
Message: Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.
ADDITIONAL INFORMATION

To debug the problem, we also tried outputting both the pod and the deployment as YAML and running Kubeaudit on that, but we still see the error.

SecurityContext in pod:

apiVersion: v1
kind: Pod
spec:
  containers:
  - securityContext:
      allowPrivilegeEscalation: false
      runAsGroup: 100
      runAsNonRoot: true
      runAsUser: 1000
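
The finding's message quoted in the report names two conditions: a securityContext is specified, and its capabilities Drop list contains ALL. The Go sketch below checks both for every container in a Pod manifest supplied as JSON. It is an added example, not kubeaudit's code or part of the original issue; the function name `dropAllFindings`, the JSON manifests and the container name `app` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the Pod schema needed for the check; other fields are ignored.
type container struct {
	Name            string
	SecurityContext *struct {
		Capabilities *struct{ Drop []string }
	}
}

type pod struct {
	Spec struct{ InitContainers, Containers []container }
}

// Constructed samples: the securityContext fields from the report, then a variant that drops ALL.
const reported = `{"kind":"Pod","spec":{"containers":[{"name":"app","securityContext":{"allowPrivilegeEscalation":false,"runAsGroup":100,"runAsNonRoot":true,"runAsUser":1000}}]}}`
const hardened = `{"kind":"Pod","spec":{"containers":[{"name":"app","securityContext":{"allowPrivilegeEscalation":false,"runAsNonRoot":true,"capabilities":{"drop":["ALL"]}}}]}}`

// dropAllFindings returns one finding per container that does not drop ALL capabilities.
func dropAllFindings(manifest []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range append(p.Spec.InitContainers, p.Spec.Containers...) {
		switch sc := c.SecurityContext; {
		case sc == nil:
			out = append(out, c.Name+": securityContext missing")
		case sc.Capabilities == nil:
			out = append(out, c.Name+": securityContext set, capabilities missing")
		// Case-insensitive match on ALL is an assumption of this sketch.
		case !strings.Contains(" "+strings.ToUpper(strings.Join(sc.Capabilities.Drop, " "))+" ", " ALL "):
			out = append(out, c.Name+": capabilities.drop lacks ALL")
		}
	}
	return out, nil
}

func main() {
	for _, m := range []string{reported, hardened} {
		fmt.Println(dropAllFindings([]byte(m)))
	}
}
```
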
github-actions[bot] commented 10 months ago

Thanks for opening your first issue here! Be sure to follow the issue template!