It's often easier to over-permission a Kubernetes deployment with root access just to get something working, but it’s not recommended. It leads to security issues and over-privileged users. While that may be okay in development, in production that’s a major problem. As more pods are created, you may unknowingly be running many pods as root.
Having individual contributors design their own Kubernetes security configuration all but ensures inconsistency and mistakes. It rarely happens intentionally; more often it’s because engineers are focused on getting containers to run in Kubernetes. Unfortunately, many neglect to revisit configurations along the way, causing gaps in security and efficiency.
Platform teams responsible for security can attempt to manually go through each pod to check for misconfigured deployments. But many DevOps teams are under-staffed and don’t have the bandwidth to manually inspect every change introduced by a variety of engineering teams.
That’s why we created Fairwinds Insights, a configuration validation platform that integrates trusted open source tools so that teams can scan clusters automatically to check for misconfigurations. It saves time and reduces security risks.
“We use Fairwinds Insights as an overall monitoring tool for our clusters. It consolidates all our alerts and security in one place, helping to lower the resources needed to identify problems.” (Brent Jaworski, Lead DevOps engineer at Boxed)
This video walks you through how you can ensure containers do not run as root using Fairwinds Insights:
Fairwinds Insights is a tool that shows you exactly where your team has misconfigured Kubernetes. It then recommends improvements and helps to track and prioritize fixes.
You can try it for free by creating an account, creating a cluster and installing the agent. We provide two agent options: a Helm chart (this allows you to customize your installation) or a kubectl command.
Once the Fairwinds Insights agent is installed, you’ll get results in 5-10 minutes. Fairwinds Insights can help you protect your Kubernetes systems against security compromises. Learn how you can use an Insights Compliance Report to achieve many of the recommendations from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) for hardening Kubernetes.
Using Fairwinds Insights will dramatically reduce the risk of security incidents in production by ensuring that security best practices are followed organization-wide.
Originally published April 30, 2020; updated August 31, 2023 to change the video and add relevant links.