Kubernetes Quick Hits: Don't run with privileged:true in your Kubernetes SecurityContext

Jun 24, 2021

In this episode of our Kubernetes Quick Hits video series, Eric Smalling, Sr. Developer Advocate at Snyk, talks about privileged mode containers and why, for the vast majority of us, it's simply a bad idea, as well as some ideas for finding and preventing its use. Privileged mode is part of item number five from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand. Check it out and start securing your Kubernetes application deployments today!

Snyk's IaC scanning tools can help you find where you may be using this setting, as well as many other possible issues, absolutely free. Sign up at https://snyk.io/signup and start scanning your repos today.

Tools and topics mentioned in the video:
Snyk IaC: https://snyk.io/product/infrastructure-as-code-security/
Docker “privileged mode” documentation: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
Open Policy Agent (OPA): https://www.openpolicyagent.org/
Kyverno: https://kyverno.io/
Pod Security Policy deprecation blog post: https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn more about Snyk http://bit.ly/snyk-io