See if you can help me,
I have an AKS cluster running smoothly, without any issues. However, due to company policies, I need to address some vulnerabilities. Among them, there is one related to nginx-ingress:
‘Least privileged Linux capabilities should be enforced for containers’
As recommended by Microsoft Defender for Cloud, it asks to apply the following configuration to the pod in question:
```yaml
securityContext:
  capabilities:
    drop: ["ALL"]
    add: ["NET_ADMIN", "SYS_TIME"]
```
However, after applying these configurations, I couldn’t even start the ingress anymore. I found out that I needed to add ‘NET_BIND_SERVICE’ to the ‘add’ section along with the other configurations.
But then, it still keeps flagging the vulnerability.
If anyone has encountered this before and can help, I’d appreciate it.
Thanks
Tried the recommendations from Azure and the searches I did on the internet.
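An added audit helper (not part of the question or of Microsoft's tooling) that checks a pod spec against the recommendation as the question states it, for every container in the pod rather than only the one that was edited. The allowlist of added capabilities is assumed from the question (the two Defender suggests plus the NET_BIND_SERVICE the asker needed); the sample pod is constructed, and Defender's own evaluation logic is not on the page.

```python
# Audit a pod spec (dict shaped like `kubectl get pod -o json`) for the
# "least privileged Linux capabilities" recommendation as quoted in the question.
# ASSUMPTION: the allowlist below is taken from the question, not from Defender.
from typing import Dict, List

ALLOWED_ADDS = {"NET_ADMIN", "SYS_TIME", "NET_BIND_SERVICE"}  # assumed allowlist


def audit_pod(pod: Dict) -> List[str]:
    """Return one finding per container that does not satisfy the policy."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    # Check every container, init containers included: a policy engine
    # typically evaluates all of them, so one unhardened sidecar/init
    # container keeps the whole pod flagged even if the main one is fixed.
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            name = f"{kind}/{c.get('name', '?')}"
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            drop = {x.upper() for x in caps.get("drop", [])}
            add = {x.upper() for x in caps.get("add", [])}
            if "ALL" not in drop:
                findings.append(f"{name}: does not drop ALL capabilities")
            extra = add - ALLOWED_ADDS
            if extra:
                findings.append(f"{name}: adds non-allowlisted {sorted(extra)}")
    return findings


# Constructed sample: hardened controller container plus an init container
# that never received a securityContext.
SAMPLE_POD = {
    "metadata": {"name": "ingress-nginx-controller-sample"},
    "spec": {
        "initContainers": [{"name": "wait-for-webhook", "image": "busybox"}],
        "containers": [{
            "name": "controller",
            "image": "registry.k8s.io/ingress-nginx/controller",
            "securityContext": {"capabilities": {
                "drop": ["ALL"],
                "add": ["NET_ADMIN", "SYS_TIME", "NET_BIND_SERVICE"]}},
        }],
    },
}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD) or ["no findings"]:
        print(finding)
```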