Update restore Job (#77) #21
Annotations
10 warnings
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L105
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L105
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L105
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L106
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L105
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L105
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
|
Scan with kics:
charts/dbp-moodle/templates/roles/moodle-cronjob-role.yaml#L5
The permission to create pods in a cluster should be restricted because it allows privilege escalation.
|
Scan with kics:
charts/dbp-moodle/templates/roles/moodle-cronjob-role.yaml#L5
Roles or ClusterRoles with RBAC permissions to run commands in containers via 'kubectl exec' could be abused by attackers to execute malicious code in case of compromise. To prevent this, the 'pods/exec' verb should not be used in production environments
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L106
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
Scan with kics:
charts/dbp-moodle/charts/moodlecronjob/templates/cronjob.yml#L93
Service Account Tokens are automatically mounted even if not necessary
|
Loading