I want to close two security recommendations for Kubernetes Cluster in Microsoft Defender for Cloud.
One of them is "Kubernetes clusters should disable automounting API credentials" and it can be solved by adding "automountServiceAccountToken: false" for POD security "spec --> template --> spec".
But when I add these values, the pods go into CrashLoopBackOff status with the logs below, and I cannot see that spec at the Pod level.
How can I solve this?
```
{"level":"error","ts":"2023-06-19T06:53:56Z","logger":"controller-runtime.client.config","msg":"unable to load in-cluster config","error":"open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory","stacktrace":"sigs.k8s.io/controller-runtime/pkg/client/config.loadConfig.func1\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:133\nsigs.k8s.io/controller-runtime/pkg/client/config.loadConfig\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:155\nsigs.k8s.io/controller-runtime/pkg/client/config.GetConfigWithContext\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:97\nsigs.k8s.io/controller-runtime/pkg/client/config.GetConfig\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:77\nsigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:175\nmain.main\n\t/workspace/main.go:131\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
{"level":"error","ts":"2023-06-19T06:53:56Z","logger":"controller-runtime.client.config","msg":"unable to get kubeconfig","error":"invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","errorCauses":[{"error":"no configuration has been provided, try setting KUBERNETES_MASTER environment variable"}],"stacktrace":"sigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/config/config.go:177\nmain.main\n\t/workspace/main.go:131\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
```
The second is "Running containers as root user should be avoided" and it can be solved by adding "securityContext":
for POD security "spec --> template --> spec", add "securityContext:" and under it add "runAsNonRoot: true, runAsGroup: <Group-ID>, runAsUser: <User-ID>".
How can I add this spec with correct values for runAsGroup: <Group-ID> and runAsUser: <User-ID>?
Should I add any values to the Dockerfile, and how can I add them?
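
The log above shows the controller exiting because the token file under `/var/run/secrets/kubernetes.io/serviceaccount` is missing once automounting is disabled. The manifest below is an added example (not from the original post or from any project's own manifests) that keeps `automountServiceAccountToken: false`, mounts a projected token explicitly at that path, and sets the `securityContext` fields from the question; every name, the image and the 65532 IDs are assumed placeholders.

```yaml
# Added example: names, image and UID/GID below are placeholders (assumptions).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-operator              # hypothetical
  namespace: example-system           # hypothetical
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-operator
  template:
    metadata:
      labels:
        app: example-operator
    spec:
      serviceAccountName: example-operator   # hypothetical; bound to the RBAC the controller needs
      automountServiceAccountToken: false    # no implicit credential mount
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532      # constructed value; must be a UID the image can run as
        runAsGroup: 65532     # constructed value
      containers:
        - name: manager
          image: registry.example.com/example-operator:TAG   # placeholder
          volumeMounts:
            # Same path the in-cluster config loader reads in the log above.
            - name: kube-api-access
              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              readOnly: true
      volumes:
        - name: kube-api-access
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 3600    # short-lived, rotated by the kubelet
              - configMap:
                  name: kube-root-ca.crt     # cluster CA bundle published in each namespace
                  items:
                    - key: ca.crt
                      path: ca.crt
              - downwardAPI:
                  items:
                    - path: namespace
                      fieldRef:
                        fieldPath: metadata.namespace
```

The `runAsUser` and `runAsGroup` values need to be a numeric user and group that can read and execute the files in the image, for example the one set with a `USER` instruction in the Dockerfile.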