lurker container specs #2559

cdm-anv · 2024-07-04T06:31:25Z

cdm-anv
Jul 4, 2024

Dear Community,

Securecodebox injects the lurker container into each scan job/pod. We need to customize certain specifications of the lurker container, such as securityContext or automountServiceToken properties. However, I haven't found a solution to achieve this. We are using the latest Helm charts and Kustomize to install Securecodebox on our Kubernetes cluster.

Is there a way to accomplish this customization?

J12934 · 2024-07-05T07:49:27Z

J12934
Jul 5, 2024
Maintainer

Hi @cdm-anv
No that's not supported right now.
The goal was to have the lurker run with as little rights as required so that it works with almost all rules/policies.
The securityContext set on the lurker should be enough to have it run in the strict pod security standard.

The automountServiceToken token is explicitly set to true as the lurker needs that token to talk to the kubernetes api to find out weather the scanner pod is finished.

Can you go into more details what your requirements reguarding security content are that the lurker doesn't meet yet?
Would be interessting to see if there is something we could set in addition to the current settings.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lurker container specs #2559

{{title}}

Replies: 1 comment

{{title}}

Select a reply

lurker container specs #2559

cdm-anv Jul 4, 2024

Replies: 1 comment

J12934 Jul 5, 2024 Maintainer

cdm-anv
Jul 4, 2024

J12934
Jul 5, 2024
Maintainer