August Murray

1620308520

Pod Security Policies Advisor - Container Running with Uncontrolled Linux Capabilities

Overview

Kubernetes allows pods to be granted specific node capabilities without being given full root access. If this is left unchecked, a pod can gain much more access than it should, leaving your cluster open to unwanted and unwarranted actions that could leave your systems inoperable.

How Magalix Helps

By default, Magalix KubeAdvisor’s Pod Security Policies Advisor ships with the "Container with uncontrolled Linux capabilities" policy. We can detect, on one cluster or across all of your clusters, when pods are scheduled with certain root-level capabilities enabled.
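
To make the kind of check described above concrete, here is an added example (not Magalix's code or policy) that inspects a Pod manifest's securityContext.capabilities for each container. The allow-list ALLOWED_ADD, the check_pod helper, and the sample manifests are assumptions made for illustration.

```python
# Added example: flags containers whose Linux capabilities are not constrained.
# ALLOWED_ADD and the rule logic are assumptions, not Magalix's policy.
ALLOWED_ADD = {"NET_BIND_SERVICE"}

def normalize(cap):
    """Manifests name capabilities without the CAP_ prefix; strip it if present."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def check_pod(pod):
    """Return a list of (container, finding) tuples for one Pod manifest dict."""
    findings = []
    spec = pod.get("spec", {})
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        added = {normalize(x) for x in caps.get("add") or []}
        dropped = {normalize(x) for x in caps.get("drop") or []}
        if sc.get("privileged"):
            findings.append((c["name"], "privileged: all capabilities granted"))
        extra = sorted(added - ALLOWED_ADD)
        if extra:
            findings.append((c["name"], "adds " + ",".join(extra)))
        if "ALL" not in dropped:
            findings.append((c["name"], "does not drop ALL"))
    return findings

# Constructed sample manifests (the parsed form of a Pod YAML).
RISKY = {"metadata": {"name": "debug"}, "spec": {"containers": [
    {"name": "shell", "image": "example/tools",
     "securityContext": {"capabilities": {"add": ["SYS_ADMIN", "NET_ADMIN"]}}}]}}
HARDENED = {"metadata": {"name": "web"}, "spec": {"containers": [
    {"name": "nginx", "image": "example/web",
     "securityContext": {"capabilities": {"drop": ["ALL"],
                                          "add": ["NET_BIND_SERVICE"]}}}]}}

if __name__ == "__main__":
    for pod in (RISKY, HARDENED):
        print(pod["metadata"]["name"], check_pod(pod) or "ok")
```

The hardened manifest passes because it drops ALL and adds back only what the allow-list permits; the risky one is flagged on both counts.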

Identifying the Issue

Issues Dashboard

After logging in to the Magalix console, find your cluster and drill down to Issues using the navigation bar on the left.

#devops #kubernetes #governance #policies
