Ensure securityContext is applied to pods and containers

Error: securityContext is not applied to pods and containers

Bridgecrew Policy ID: BC_K8S_43
Checkov Check ID: CKV_K8S_29
Severity: LOW


Description

securityContext defines privilege and access control settings for a Pod or a Container. Several fields (for example runAsUser, runAsGroup, runAsNonRoot, seccompProfile and seLinuxOptions) exist both in the container-level securityContext and in the pod-level PodSecurityContext; when the same field is set at both levels, the container-level value takes precedence for that container.

Well-defined privilege and access control settings give you assurance that your pod is running with the privileges it needs to function, and no more.

Fix - Buildtime

Kubernetes

  • Resource: Container / Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
  • Argument: securityContext (Optional)
    A field that defines privilege and access control settings for your Pod or Container.
Container level:

apiVersion: v1
kind: Pod
metadata:
  name: <Pod name>
spec:
  containers:
  - name: <container name>
    image: <image>
+   securityContext:

Pod level:

apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
+  securityContext:

CronJob (the pod template sits under jobTemplate; batch/v1 is the stable API, batch/v1beta1 was removed in Kubernetes 1.25):

apiVersion: batch/v1
kind: CronJob
metadata:
  name: <name>
spec:
  schedule: <>
  jobTemplate:
    spec:
      template:
        spec:
+         securityContext:

Deployment, DaemonSet, StatefulSet, ReplicaSet, ReplicationController and Job (the pod template sits directly under spec):

apiVersion: <>
kind: <kind>
metadata:
  name: <name>
spec:
  template:
    spec:
+     securityContext:
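The snippets above only add the securityContext key. A bare `securityContext:` with nothing under it is valid YAML (the value is null) and satisfies a presence check, but it applies no restrictions at all. The following manifest is an added example, not part of the Bridgecrew/Checkov page or the policy itself; the Pod name, image and UID/GID values are placeholders. It shows a securityContext populated at both levels, with the container-level runAsUser overriding the pod-level one for that container, as described above.

```yaml
# Added example (not from the original page): Pod with securityContext set at
# pod level and container level. Name, image and numeric IDs are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example
spec:
  # Pod-level defaults; every container inherits these unless it overrides them
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: app
    image: registry.example.com/app:1.0.0   # placeholder image
    securityContext:
      # Present at both levels: the container value wins for this container only
      runAsUser: 10002
      # Container-only fields
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      privileged: false
      capabilities:
        drop:
        - ALL
    # With a read-only root filesystem, give the process a writable scratch dir
    volumeMounts:
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}
```

To confirm the manifest passes this check before applying it, run `checkov -f hardened-example.yaml --check CKV_K8S_29`; to confirm the API server accepts the field values, run `kubectl apply --dry-run=server -f hardened-example.yaml`. The pod-level block is what a pod-level check sees, the container-level block is what a container-level check sees, and the overlapping runAsUser field illustrates why both should be reviewed together.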