Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add non-root user into KubeArmor container #1401

Open
2 tasks
rksharma95 opened this issue Sep 7, 2023 · 4 comments · May be fixed by #1834
Open
2 tasks

Add non-root user into KubeArmor container #1401

rksharma95 opened this issue Sep 7, 2023 · 4 comments · May be fixed by #1834
Labels
enhancement New feature or request

Comments

@rksharma95
Copy link
Collaborator

Feature Request

Currently, KubeArmor daemonset runs inside a container (with alpine base image) as the root user. To enhance the security and maintain best practices, we need to modify the containerized environment so that the application runs as a non-root user. We should create a dedicated non-root user within the container to run the KubeArmor application. This user should have minimal privileges necessary for the KubeArmor to function properly.

For rest of the KubeArmor applications including kubearmor relay server, kubearmor controller, and kubearmor init container it will be handled as part of #1201

Describe the solution you'd like

Tasks
Beta Give feedback
@rksharma95 rksharma95 added the enhancement New feature or request label Sep 7, 2023
@rksharma95 rksharma95 mentioned this issue Sep 7, 2023
Merged
7 tasks
@VedRatan
Copy link
Contributor

I would like to work on this one, could someone please let me know where are the configuration file located in order to update the user as a non-root user and also which permissions are required to make Kubearmor daemon work properly, I guess we need to edit the kubearmor.service file, please let me know if my approach is wrong or should do something else.

@yp969803
Copy link

yp969803 commented Aug 7, 2024

/assign

@yp969803
Copy link 

RUN groupadd --gid 1000 default \
  && useradd --uid 1000 --gid default --shell /bin/bash --create-home default
  USER 1000

@rksharma95 as per the kubearmor dockerfile, a non root user runs kubearmor

yp969803 added a commit to yp969803/KubeArmor that referenced this issue Aug 11, 2024
@yp969803
fix: Add non-root user into KubeArmor container(kubearmor#1401)
feacb31 
Signed-off-by: Yash Patel <[email protected]>
@yp969803 yp969803 linked a pull request Aug 11, 2024 that will close this issue
Open
7 tasks
@rksharma95
Copy link
Collaborator Author 

RUN groupadd --gid 1000 default \
  && useradd --uid 1000 --gid default --shell /bin/bash --create-home default
  USER 1000

@rksharma95 as per the kubearmor dockerfile, a non root user runs kubearmor

it' true only for ubi image, for alpine based kubearmor image it's root user right!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Add non-root user into KubeArmor container(#1401) yp969803/KubeArmor
3 participants
@rksharma95 @VedRatan @yp969803