hivemq/helm-charts

Need to set AllowPrivilegeEscalation flag to 'false' on the security context of the container's spec in HiveMQ

Opened this issue · 2 comments

There was a security remediation provided by Microsoft Defender for Cloud.

  1. From the Unhealthy resources tab, select the cluster. Defender for Cloud lists the pods running containers with privilege escalation to root in your Kubernetes cluster.
  2. For these pods, set the AllowPrivilegeEscalation flag to 'false' on the security context of the container's spec.
  3. After making your changes, redeploy the pod with the updated spec.

The remediation is shown for the HiveMQ pod as well.
So, we need to set the AllowPrivilegeEscalation flag to 'false' in the values.yaml file.

We are using a Helm chart to deploy HiveMQ, and when I deploy with the value set to false, it is reflected in the pod values.yaml. However, the remediation is not removed from Microsoft Defender for Cloud.

Please let me know if any input is required.

Please assist me to solve this.

Hi Team,

Any update on the mentioned issue?

Hi Vishnu-Priya05,
Please check the following guidelines in our documentation, which may be helpful:
https://docs.hivemq.com/operator/latest/kubernetes-operator/configuration.html#set-pod-security-context
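
Added example, not part of the thread or of the HiveMQ chart: a Python check over `kubectl get pods -o json` output that lists every container, init container or ephemeral container whose own `securityContext` does not set `allowPrivilegeEscalation` to `false`. The field exists only at container level in Kubernetes, so a pod-level security context cannot set it; the sample pods and container names below are constructed.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get pods -o json` (not from the issue).
SAMPLE = {"items": [
    {"metadata": {"name": "example-broker-0"},
     "spec": {
         # Pod-level securityContext has no allowPrivilegeEscalation field.
         "securityContext": {"runAsNonRoot": True},
         "initContainers": [{"name": "init-config"}],
         "containers": [{"name": "main",
                         "securityContext": {"allowPrivilegeEscalation": False}}]}},
    {"metadata": {"name": "example-broker-1"},
     "spec": {
         "containers": [
             {"name": "main",
              "securityContext": {"allowPrivilegeEscalation": False}},
             {"name": "sidecar",
              "securityContext": {"allowPrivilegeEscalation": True}}]}},
]}

CONTAINER_KINDS = ("initContainers", "containers", "ephemeralContainers")


def containers_allowing_escalation(pod_list):
    """Return (pod, kind, container) for each container that does not
    explicitly set securityContext.allowPrivilegeEscalation to false."""
    findings = []
    for pod in pod_list.get("items", []):
        pod_name = pod["metadata"]["name"]
        spec = pod.get("spec", {})
        for kind in CONTAINER_KINDS:
            for container in spec.get(kind) or []:
                ctx = container.get("securityContext") or {}
                # An unset field is not the same as false, so flag it too.
                if ctx.get("allowPrivilegeEscalation") is not False:
                    findings.append((pod_name, kind, container["name"]))
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -n <namespace> -o json > pods.json
    #        python check.py pods.json   (no argument: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            pods = json.load(fh)
    else:
        pods = SAMPLE
    for pod_name, kind, name in containers_allowing_escalation(pods):
        print(f"{pod_name}: {kind}/{name} does not set allowPrivilegeEscalation: false")
```

Running it against the live pods rather than against values.yaml shows which container in the redeployed pod still lacks the setting.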