Could anyone help. We are on a crunch with resolving security issues in our environments. We are encountering ‘Containers should run with a read only root file system in your Kubernetes cluster. Immutable filesystem protects containers from changes at run-time with malicious binaries being added to PATH.’ error with our Istiod pod ‘istio-system/istiod-xxxxxxxxx’. Is there anyway to update this so we can get cleared on this error. We know what the parameters to fix the issue but not sure if we can apply it against our Istio/istiod. But the way, we had to add a parameter in the ‘service account’ and the ‘deployment’ to resolve this. Looking at the Istiod yams file, not sure how to go about adding these. Any help would be greatly appreciated as we are implementing this patch in a week. Thank You.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Istio Init Containers do not work with Pod Security Policies | 0 | 924 | May 17, 2021 | |
|
Files owner in Kubernetes volume
|
2 | 3313 | February 16, 2021 | |
|
How to avoid using root user in Istio CNI
|
0 | 648 | March 18, 2022 | |
| Istio init-container running as root with all capabilities | 0 | 1568 | September 30, 2019 | |
|
Istio with Pod Security Policy (in GKE)
|
3 | 2092 | April 5, 2019 |