digitalocean / clusterlint

A best practices checker for Kubernetes clusters. 🤠
Apache License 2.0
542 stars 45 forks

Check if containers are run as root user. #46

Closed varshavaradarajan closed 5 years ago

varshavaradarajan commented 5 years ago

Instead of iterating through pods, we recommend that users create pod security policies with privileged: false, runAsRoot: true, etc. Will raise a separate PR.

varshavaradarajan commented 5 years ago

Many cloud providers do not enable the pod security policy admission controller. So, pod security policies may or may not take effect while creating and updating pods. One way to ensure that pods adhere to good security practices is to iterate through the pods and check security contexts.
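The per-pod check described in the comment above, as an added example that is not part of the original thread and is not clusterlint's own code. It assumes input shaped like the output of `kubectl get pods -A -o json`; the function names `effective` and `root_findings` and the sample pod list are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
            "containers": [
              {"name": "nginx"},
              {"name": "debug",
               "securityContext": {"runAsNonRoot": false, "runAsUser": 0}}]}},
  {"metadata": {"namespace": "batch", "name": "job-1"},
   "spec": {"initContainers": [{"name": "setup"}],
            "containers": [
              {"name": "worker", "securityContext": {"runAsUser": 2000}}]}}
]}
""")


def effective(pod_sc, ctr_sc, field):
    """Container-level securityContext fields override pod-level ones."""
    value = (ctr_sc or {}).get(field)
    # Compare against None so an explicit `false` or `0` still overrides.
    return (pod_sc or {}).get(field) if value is None else value


def root_findings(pod_list):
    """Return (namespace/pod/container, reason) for containers that may run as UID 0."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        pod_sc = spec.get("securityContext")
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for ctr in containers:
            ctr_sc = ctr.get("securityContext")
            if effective(pod_sc, ctr_sc, "runAsNonRoot") is True:
                continue  # kubelet refuses to start this container as UID 0
            uid = effective(pod_sc, ctr_sc, "runAsUser")
            if uid is None:
                reason = "runAsUser unset, image USER decides"
            elif uid == 0:
                reason = "runAsUser is 0"
            else:
                continue  # explicit non-zero UID
            path = "/".join([meta.get("namespace", "default"), meta["name"], ctr["name"]])
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in root_findings(SAMPLE_POD_LIST):
        print(f"{path}: {reason}")
```

Because this reads the pod specs directly, it reports the same result whether or not an admission controller is enforcing a policy on the cluster.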

varshavaradarajan commented 5 years ago

@timoreimann - ready for review again. :) Would you mind taking a look when you're free?