Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
apps/v1/Deployment 💥
[CRITICAL] Container Security Context
· test -> The container is privileged
Set securityContext.privileged to false
@romain-depres Thanks for the great bug report! kube-score does incorrectly treat an unset/null "privileged" configuration as if the container does have privileged access. I'll send a PR to fix this.
Which version of kube-score are you using?
kube-score version: 1.7.2, commit: 0da8da32204cc5c18df2e8fe1aff04312e9de01c, built: 2020-07-09T14:21:31Z
What did you do?
Ran kube-score on a deployment manifest. Below are a minimal manifest and a command to reproduce the problem:
What did you expect to see?
With the example above, no errors.
What did you see instead?
One error:
This is a false positive, as the privileged field defaults to false.
Maybe kube-score considers the fact that it's not specified explicitly an issue. If that's the case, in my opinion it is not made clear at all; plus the statement "The container is privileged" is incorrect.
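The difference between an unset/null privileged field and an explicit value, which the maintainer's reply above turns on, shown as an added Go example. It is not kube-score's code and not part of the issue thread. The type, the function names and the sample containers are constructed for illustration, and JSON stands in for YAML so that only the standard library is needed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of a container spec needed for the check (constructed for this example).
type container struct {
	Name            string `json:"name"`
	SecurityContext *struct {
		Privileged *bool `json:"privileged"` // pointer: nil means "not set"
	} `json:"securityContext"`
}

// isPrivileged applies the default: an unset or null field means not privileged.
func isPrivileged(c container) bool {
	return c.SecurityContext != nil && c.SecurityContext.Privileged != nil && *c.SecurityContext.Privileged
}

// faultyCheck flags everything except an explicit false, which yields the
// false positive described in the issue.
func faultyCheck(c container) bool {
	return c.SecurityContext == nil || c.SecurityContext.Privileged == nil || *c.SecurityContext.Privileged
}

// Constructed sample: entries as they would appear under spec.template.spec.containers.
const sample = `[
  {"name": "no-context"},
  {"name": "empty-context", "securityContext": {}},
  {"name": "null-field", "securityContext": {"privileged": null}},
  {"name": "explicit-false", "securityContext": {"privileged": false}},
  {"name": "explicit-true", "securityContext": {"privileged": true}}
]`

// evaluate maps each container name to {isPrivileged, faultyCheck}.
func evaluate(doc string) (map[string][2]bool, error) {
	var cs []container
	err := json.Unmarshal([]byte(doc), &cs)
	out := make(map[string][2]bool, len(cs))
	for _, c := range cs {
		out[c.Name] = [2]bool{isPrivileged(c), faultyCheck(c)}
	}
	return out, err
}

func main() {
	res, err := evaluate(sample)
	fmt.Println(res, err)
}
```

Only the explicit-true container is privileged; the faulty check additionally reports the three containers where the field is absent or null.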