Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Microsoft recommendations to improve security and resilience in the promitor 2.9.1 service #2548

Closed
sairinraychoudhury opened this issue Sep 23, 2024 · 1 comment
Assignees
Labels
feature-request New feature requests

Comments

@sairinraychoudhury
Copy link

Proposal

Hi Everyone
Needed advice from community members. We have deployed promitor 2.9.1 using helm in Microsoft Azure Kubernetes Service (AKS). Also during an assessment of our platform towards improved security & resilience angle received below recommendations from Microsoft experts to be implemented.

  1. Containers sharing sensitive host namespaces should be avoided
  2. Least privileged Linux capabilities should be enforced for containers
  3. Privileged containers should be avoided
  4. Usage of host networking and ports should be restricted.
  5. Usage of pod HostPath volume mounts should be restricted to a known list to restrict node access from compromised containers
  6. The root access inside the service container should be avoided.

We are not sure if above actions when implemented will have an impact on promitor since we used default promitor configs which are in helm chart for promitor.

Could anyone from the community please help or guide us on below queries?

  1. Have you tried implementing custom configs apart from default configs provided?
  2. Do you have a view of the impact by any means if we go ahead and implement this?
  3. Are there any other general recommendation towards achieving this?

Component

Scraper

Contact Details

[email protected]

Copy link

Thank you for opening an issue! We rely on the community to maintain Promitor. (Learn more)

Is this something you want to contribute?

Repository owner locked and limited conversation to collaborators Sep 23, 2024
@tomkerkhove tomkerkhove converted this issue into discussion #2550 Sep 23, 2024
@github-project-automation github-project-automation bot moved this from Proposed to Ready To Ship in Promitor Roadmap Sep 23, 2024

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Labels
feature-request New feature requests
Projects
Status: Ready To Ship
Development

No branches or pull requests

2 participants