-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add non-root user into KubeArmor container #1401
Comments
I would like to work on this one, could someone please let me know where are the configuration file located in order to update the user as a non-root user and also which permissions are required to make Kubearmor daemon work properly, I guess we need to edit the kubearmor.service file, please let me know if my approach is wrong or should do something else. |
/assign |
@rksharma95 as per the kubearmor dockerfile, a non root user runs kubearmor |
Signed-off-by: Yash Patel <[email protected]>
it' true only for ubi image, for alpine based kubearmor image it's root user right! |
Feature Request
Currently, KubeArmor daemonset runs inside a container (with alpine base image) as the root user. To enhance the security and maintain best practices, we need to modify the containerized environment so that the application runs as a non-root user. We should create a dedicated non-root user within the container to run the KubeArmor application. This user should have minimal privileges necessary for the KubeArmor to function properly.
For rest of the KubeArmor applications including
kubearmor relay server
,kubearmor controller
, andkubearmor init container
it will be handled as part of #1201Describe the solution you'd like
Tasks
The text was updated successfully, but these errors were encountered: