equinor / radix-platform

Omnia Radix platform - base scripts and code
MIT License

Add exception: Container with privilege escalation should be avoided [Medium] #1123

Open emirgens opened 7 months ago

emirgens commented 7 months ago

Containers shouldn't run with privilege escalation to root in your Kubernetes cluster. The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process.

Add exception for these:

Prometheus references https://arthursens.medium.com/risk-analysis-and-security-compliance-in-kube-prometheus-10c8cfb180b8 https://github.com/prometheus-operator/kube-prometheus/pull/1593 https://github.com/prometheus-operator/kube-prometheus/issues/1588
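The comment above describes the mechanism behind this finding: `allowPrivilegeEscalation` is evaluated as true when the field is left unset, when the container is privileged, or when it adds `CAP_SYS_ADMIN`, and the restricted Pod Security Standard requires it to be explicitly `false` in every container (init and ephemeral containers included). The checker below is an added example, not code from the radix-platform repository or from the Prometheus or nginx projects; the pod manifest it inspects is constructed for the example, and the function names `container_violations`, `pod_violations` and `harden` are assumptions of this example rather than anything the issue proposes.

```python
"""Flag containers in a pod manifest that can still gain privileges."""
import copy
import json

# Constructed sample manifest (not from the radix-platform repo): one compliant
# container, one init container with the field unset, one privileged container,
# and one that adds CAP_SYS_ADMIN alongside allowPrivilegeEscalation: false.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "demo"},
  "spec": {
    "initContainers": [
      {"name": "init-setup", "image": "example/init:1"}
    ],
    "containers": [
      {"name": "web", "image": "example/nginx:1",
       "securityContext": {"allowPrivilegeEscalation": false}},
      {"name": "agent", "image": "example/agent:1",
       "securityContext": {"privileged": true,
                           "allowPrivilegeEscalation": false}},
      {"name": "probe", "image": "example/probe:1",
       "securityContext": {"allowPrivilegeEscalation": false,
                           "capabilities": {"add": ["NET_BIND_SERVICE", "SYS_ADMIN"]}}}
    ]
  }
}
""")

CONTAINER_KINDS = ("initContainers", "containers", "ephemeralContainers")


def container_violations(container):
    """Return the reasons a container may still gain more privileges.

    Kubernetes treats allowPrivilegeEscalation as true when the field is
    unset, when the container is privileged, or when it adds CAP_SYS_ADMIN;
    the restricted Pod Security Standard requires it to be explicitly false.
    """
    sc = container.get("securityContext") or {}
    reasons = []
    if sc.get("privileged") is True:
        reasons.append("privileged: true")
    caps = (sc.get("capabilities") or {}).get("add") or []
    if any(c.upper() in ("SYS_ADMIN", "CAP_SYS_ADMIN") for c in caps):
        reasons.append("adds CAP_SYS_ADMIN")
    if sc.get("allowPrivilegeEscalation") is not False:
        reasons.append("allowPrivilegeEscalation not explicitly false")
    return reasons


def pod_violations(pod):
    """Map 'kind/name' to reasons for every non-compliant container in a pod."""
    spec = pod.get("spec") or {}
    findings = {}
    for kind in CONTAINER_KINDS:
        for c in spec.get(kind) or []:
            reasons = container_violations(c)
            if reasons:
                findings[f"{kind}/{c['name']}"] = reasons
    return findings


def harden(pod):
    """Return a copy of the pod with allowPrivilegeEscalation pinned to false.

    privileged: true and CAP_SYS_ADMIN are deliberately left untouched:
    removing them changes what the workload can do, so each such component
    (Prometheus, nginx, ...) needs its own configuration change or exception.
    """
    fixed = copy.deepcopy(pod)
    spec = fixed.get("spec") or {}
    for kind in CONTAINER_KINDS:
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            sc["allowPrivilegeEscalation"] = False
            c["securityContext"] = sc
    return fixed


if __name__ == "__main__":
    for ref, reasons in pod_violations(SAMPLE_POD).items():
        print(f"{ref}: {'; '.join(reasons)}")
    print("after harden():", sorted(pod_violations(harden(SAMPLE_POD))))
```

Running the block on the sample reports the init container (field unset), the privileged container and the container adding `SYS_ADMIN`, while the `web` container passes. After `harden()` only the last two remain, which is the point of the comment thread: setting the field to `false` is a one-line fix for most workloads, but components that genuinely need `privileged` or `CAP_SYS_ADMIN` must either be reconfigured or carry a documented exception.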

emirgens commented 7 months ago

nginx - run without chroot, configuration of nginx in Flux

emirgens commented 7 months ago

Prometheus - look in to change the configuration of Prometheus