Workload misconfigurations

Kubernetes node’s Kube-Proxy configuration file owner is not root

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kube-proxy kubeconfig file controls various parameters of the kube-proxy service in the worker node. Orca has detected that the kube-proxy's kubeconfig file owner on {K8sNode.Vm} is set to {Vm.K8sKubeProxyConfigs.ConfigFile.Group}:{Vm.K8sKubeProxyConfigs.ConfigFile.User}. The file should be owned by root:root.
  • Recommended Mitigation

    Consider setting {K8sNode}'s Kube-Proxy kubeconfig file owner to the root user.