Docker container security

We are running sysdig-falco in our Kubernetes cluster and it is complaining about the following:

k8s.node_name=ip-172-16-12-29.ec2.internal 10:53:58.969608520: Error File below /etc opened for writing (user=root command=python3 /application/kubewatch.py sync /etc/ambassador-config /etc/envoy.json parent=entrypoint.sh pcmdline=entrypoint.sh ./entrypoint.sh file=/etc/ambassador-config-1/payment-service-default.yaml program=python3 gparent=<NA> ggparent=<NA> gggparent=<NA>) k8s.pod=<NA> container=21b0bf1f68db

I would suggest changing the configuration location from /etc/ambassador-config to simply /ambassador-config.

I also strongly feel like Ambassador’s processes (entrypoint.sh, python3 and envoy) should be running as a non-root user.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 8 (7 by maintainers)
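
Added example (not part of the original issue, and not Falco or Ambassador code): a small Python parser for the Falco text alert quoted in the issue, which splits the `key=value` output fields even when a value contains spaces and reports the two conditions the issue raises. The function names and the field-splitting heuristic are assumptions of this sketch; an argument that itself looks like `NAME=value` would be mis-split.

```python
import re

# Alert line copied from the issue above (Falco text output).
ALERT = ("k8s.node_name=ip-172-16-12-29.ec2.internal 10:53:58.969608520: Error "
         "File below /etc opened for writing (user=root command=python3 "
         "/application/kubewatch.py sync /etc/ambassador-config /etc/envoy.json "
         "parent=entrypoint.sh pcmdline=entrypoint.sh ./entrypoint.sh "
         "file=/etc/ambassador-config-1/payment-service-default.yaml program=python3 "
         "gparent=<NA> ggparent=<NA> gggparent=<NA>) k8s.pod=<NA> container=21b0bf1f68db")

# A field starts at "key=" preceded by start-of-text or whitespace (heuristic).
KEY = re.compile(r"(?:^|\s)([A-Za-z_][\w.]*)=")
# <prefix fields> <time>: <priority> <rule text> (<output fields>) <suffix fields>
LINE = re.compile(r"^(?P<pre>.*?)\s*(?P<time>\d\d:\d\d:\d\d\.\d+): (?P<priority>\w+) "
                  r"(?P<rule>[^()]*?) \((?P<fields>.*)\)(?P<post>.*)$")

def split_fields(text):
    """Split 'k=v k=v with spaces k=v' into a dict; values may contain spaces."""
    hits = list(KEY.finditer(text))
    out = {}
    for i, m in enumerate(hits):
        # A value runs until the next recognised key, or to the end of the text.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        out[m.group(1)] = text[m.end():end].strip()
    return out

def parse_alert(line):
    """Return the timestamp, priority, rule text and all key=value fields."""
    m = LINE.match(line)
    if m is None:
        raise ValueError("not a recognised Falco text alert")
    alert = {"time": m["time"], "priority": m["priority"], "rule": m["rule"]}
    for part in (m["pre"], m["fields"], m["post"]):
        alert.update(split_fields(part))
    return alert

def findings(alert):
    """Map the alert to the two points raised in the issue."""
    notes = []
    if alert.get("user") == "root":
        notes.append("process runs as root")
    if alert.get("file", "").startswith("/etc/"):
        notes.append("writes below /etc")
    return notes

if __name__ == "__main__":
    a = parse_alert(ALERT)
    print(a["container"], a["program"], a["file"], findings(a))
```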

Top GitHub Comments

1 reaction
kflynn commented, Jun 27, 2018

@alexgervais See https://www.getambassador.io/reference/running – Ambassador 0.35.0 supports running as non-root. Let us know if you run into trouble!

0 reactions
kflynn commented, Jun 27, 2018

@PaulM667 Great news!!
