hivemq / helm-charts

HiveMQ Helm charts
http://hivemq.github.io/helm-charts
Apache License 2.0

Need to set AllowPrivilegeEscalation flag to 'false' on the security context of the container's spec in HiveMQ #103

Open Vishnu-Priya05 opened 1 year ago

Vishnu-Priya05 commented 1 year ago

There was a security remediation provided by Microsoft Defender for Cloud.

  1. From the Unhealthy resources tab, select the cluster. Defender for Cloud lists the pods running containers with privilege escalation to root in your Kubernetes cluster.
  2. For these pods, set the AllowPrivilegeEscalation flag to 'false' on the security context of the container's spec.
  3. After making your changes, redeploy the pod with the updated spec.

The remediation is shown for the HiveMQ pod as well. So, we need to set the AllowPrivilegeEscalation flag to 'false' in the values.yaml file.

We are using the Helm chart to deploy HiveMQ, and when I deploy with the value set to false, it is reflected in the pod values.yaml. But the remediation is not removed from Microsoft Defender for Cloud.

Please let me know if any input is required.

Please assist me to solve this.

Vishnu-Priya05 commented 1 year ago

Hi Team,

Any update on the mentioned issue?

mhofsche commented 1 year ago

Hi Vishnu-Priya05, please check the following guidelines in our documentation that may be helpful: https://docs.hivemq.com/operator/latest/kubernetes-operator/configuration.html#set-pod-security-context

Donnerbart commented 3 weeks ago

You can configure this via a container security context: https://docs.hivemq.com/hivemq-operator/configuration.html#set-container-security-context
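
An added example, not part of the thread and not HiveMQ's code: in Kubernetes, `allowPrivilegeEscalation` is a field of the container-level security context only, not the pod-level one, so a check has to inspect every container of the deployed pod, including init containers and sidecars. The pod JSON, container names, images and the function name below are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pod <name> -o json` output (not from the issue).
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "hivemq-example-0"},
  "spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 10000},
    "initContainers": [
      {"name": "init-config", "image": "example/init"}
    ],
    "containers": [
      {"name": "hivemq", "image": "example/hivemq",
       "securityContext": {"allowPrivilegeEscalation": false}},
      {"name": "sidecar", "image": "example/sidecar",
       "securityContext": {"capabilities": {"add": ["SYS_ADMIN"]}}}
    ]
  }
}
""")

def escalation_findings(pod):
    """Return (container_name, reason) for every container that can still escalate."""
    findings = []
    spec = pod.get("spec", {})
    # The pod-level securityContext has no allowPrivilegeEscalation field,
    # so only the per-container contexts are inspected.
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            added = (sc.get("capabilities") or {}).get("add") or []
            # Privileged or CAP_SYS_ADMIN containers can always escalate.
            if sc.get("privileged") is True:
                findings.append((c["name"], "privileged container"))
            elif any(cap in ("SYS_ADMIN", "CAP_SYS_ADMIN") for cap in added):
                findings.append((c["name"], "CAP_SYS_ADMIN added"))
            elif sc.get("allowPrivilegeEscalation") is not False:
                findings.append((c["name"], "allowPrivilegeEscalation not set to false"))
    return findings

if __name__ == "__main__":
    for name, reason in escalation_findings(SAMPLE_POD):
        print(f"{name}: {reason}")
```

Running it against the JSON of the live pod, rather than against values.yaml, shows what the cluster actually admitted for each container.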