This product is not supported for your selected Datadog site. ().

Metadata

Id: bf36b900-b5ef-4828-adb7-70eb543b7cfb

Cloud Provider: k8s

Platform: Kubernetes

Severity: Low

Category: Insecure Configurations

Learn More

Description

Hostnames should not be overridden. This rule detects containers (including initContainers) whose command invokes kubelet and includes the --hostname-override= flag. Overriding the node hostname can create duplicate or incorrect hostnames and may disrupt node identity and cluster operations.

Compliant Code Examples

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
    - name: command-demo-container
      image: foo/bar
      command: ["kubelet"]
      args: []
  restartPolicy: OnFailure

Non-Compliant Code Examples

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
    - name: command-demo-container
      image: foo/bar
      command: ["kubelet","--hostname-override=host"]
      args: []
  restartPolicy: OnFailure
apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
    - name: command-demo-container
      image: foo/bar
      command: ["kubelet"]
      args: ["--hostname-override=host"]
  restartPolicy: OnFailure