How to Identify if Kubernetes Pods are Running as Root

Fairwinds
Apr 30, 2020

It’s often easier to over-permission a Kubernetes deployment with root access just to get something working, but it’s not recommended. It leads to security issues and over-privileged users. While that may be okay in development, in production it’s a major problem. As more pods are created, you may unknowingly be running many pods as root.

How to identify if Kubernetes pods are running as root

Having individual contributors design their own Kubernetes security configuration all but ensures inconsistency and mistakes. It doesn’t often happen intentionally; more often it’s because engineers are focused on getting containers to run in Kubernetes. Unfortunately, many neglect to revisit configurations along the way, causing gaps in security and efficiency.

Platform teams responsible for security can attempt to manually go through each pod to check for misconfigured deployments. But many DevOps teams are under-staffed and don’t have the bandwidth to manually inspect every change introduced by a variety of engineering teams.

That’s why we created Fairwinds Insights, a configuration validation platform that integrates trusted open source tools so that teams can scan clusters automatically to check for misconfigurations. It saves time and reduces security risks.

“We use Fairwinds Insights as an overall monitoring tool for our clusters. It consolidates all our alerts and security in one place helping to lower the resources needed to identify problems.” Brent Jaworski, Lead DevOps engineer at Boxed


Fairwinds Insights gives you configuration validation

Fairwinds Insights is a tool that shows you exactly where your team has misconfigured Kubernetes. It then recommends improvements and helps to track and prioritize fixes.

You can try it for free by creating an account, creating a cluster and installing the agent. We provide two agent options: a Helm chart (this allows you to customize your installation) or a kubectl command.

Checking the security posture of your cluster

Once the Fairwinds Insights agent is installed you’ll get results in 5–10 minutes. Now you can easily check the security posture of your cluster. Here’s a quick video on how it works.

Fairwinds Insights Demo: Deployment and Container Security

Using Fairwinds Insights will dramatically reduce the risk of security incidents in production. The configuration validation platform ensures that security best practices are followed organization-wide.

If you’re curious to learn more, check out our free trial!

Written By: Joe Pelletier

Fairwinds — The Kubernetes Enablement Company

ClusterOps Managed Kubernetes — ClusterOps is a fully-managed Kubernetes cluster management tool that integrates infrastructure as code, open source software, and SRE expertise as a subscription service.

ClusterOps Kubernetes Advisory — ClusterOps Advisory integrates Kubernetes expertise and open source software so you can confidently run reliable, scalable, and secure Kubernetes clusters.

Fairwinds Insights — We integrate trusted tools, collaboration workflows, and expertise into a single monitoring platform, so workloads always stay secure, reliable, and efficient.
