Tiller (Helm v2) deployed

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

Id: 6d173be7-545a-46c6-a81d-2ae52ed1605d

Cloud Provider: k8s

Framework: Kubernetes

Severity: High

Category: Insecure Configurations

Learn More

Description

Tiller (Helm v2) should not be deployed, as it is deprecated and no longer supported.

Compliant Code Examples

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
    - name: sec-ctx-vol
  containers:
    - name: sec-ctx-demo
      image: busybox
      command: [ "sh", "-c", "sleep 1h" ]
      volumeMounts:
        - name: sec-ctx-vol
          mountPath: /data/demo
      securityContext:
        allowPrivilegeEscalation: false

Non-Compliant Code Examples

--- 
apiVersion: extensions/v1beta1
kind: Deployment
metadata: 
  labels: 
    app: helm
    name: tiller
  name: tiller-deploy
spec: 
  containers: 
    - 
      image: tiller-image
      name: tiller-v1
  template: 
    metadata: 
      labels: 
        app: helm
        name: tiller
    spec: 
      containers: 
        - 
          args: 
            - "--listen=10.7.2.8:44134"
          image: tiller-image
          name: tiller-v2
          ports: 
            - 
              containerPort: 44134
              name: tiller
              protocol: TCP
            - 
              containerPort: 44135
              name: http
              protocol: TCP
      serviceAccountName: tiller