Open kalpesh6331 opened 1 year ago
@kalpesh6331 what collector image are you using? As this isn't specific to the helm chart I'll move the issue to the appropriate repository once I know what image you're using.
I think we can restrict some of these in the actual helm chart?
Here is an example I found for read-only root filesystem and allowPrivilegeEscalation:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: webserver
  labels:
    name: webserver
spec:
  containers:
    - name: webserver
      image: nginx:alpine
      securityContext:
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
```
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
This one seems to be configurable on the Kubelet side. Ref: https://kubernetes.io/docs/concepts/policy/pid-limiting/
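Added example, not part of the thread or of the chart: a small audit that lists every container (init containers included) in a rendered manifest that lacks the two `securityContext` settings discussed above, so a values change can be checked before and after. The sample pod, its names and the `audit` helper are constructed for illustration; the input is assumed to be JSON in the shape `kubectl get ... -o json` produces.

```python
import json

# Constructed sample in the shape of `kubectl get pod -o json` (not from the issue).
SAMPLE_POD = json.loads("""
{
  "kind": "Pod",
  "metadata": {"name": "collector-example"},
  "spec": {
    "initContainers": [{"name": "init", "image": "example/init:1"}],
    "containers": [
      {"name": "collector", "image": "example/collector:1",
       "securityContext": {"readOnlyRootFilesystem": true,
                           "allowPrivilegeEscalation": false}},
      {"name": "sidecar", "image": "example/sidecar:1",
       "securityContext": {"readOnlyRootFilesystem": true}}
    ]
  }
}
""")

# Field -> hardened value. Both are set per container, not at pod level;
# leaving a field unset leaves the non-hardened behaviour in place.
REQUIRED = {"readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False}


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a Deployment-style workload."""
    spec = obj.get("spec", {})
    template = spec.get("template")
    return template.get("spec", {}) if template else spec


def audit(obj):
    """List (container, field, found) for every container missing a setting."""
    findings = []
    spec = pod_spec(obj)
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            ctx = c.get("securityContext") or {}
            for field, want in REQUIRED.items():
                found = ctx.get(field)  # None means the field is not set
                if found is not want:
                    findings.append((c["name"], field, found))
    return findings


if __name__ == "__main__":
    for name, field, found in audit(SAMPLE_POD):
        print(f"{name}: {field} is {found!r}, expected {REQUIRED[field]!r}")
```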
@kalpesh6331 are you available to work on this?
Hi @povilasv, sure, I will raise a PR. However, I wanted to know whether implementing the securityContext changes the application behavior? I am hoping there will be no effect on functionality due to this. Could someone please confirm?
Any update on this @kalpesh6331 ?
Description
We are using Otel in our application for tracing purposes. As part of our CIS standards, we have run a Prisma Cloud container security scan, which has reported the following vulnerabilities.
We would like to know if these can be fixed or are already fixed in any future releases. If it is fixed via configuration (changes in helm values), would it affect any functionality or working of Otel? Please note that it is a self-baked helm chart we are using to deploy Otel.
Vulnerabilities: