Insecure defaults in generated artifacts

[manusa]

Description

Mirror of TOB-JKUBE-1.

JKube can generate Kubernetes deployment artifacts and deploy applications using those
artifacts. By default, many of the security features offered by Kubernetes are not enabled
in these artifacts. This can lead to the deployed applications having more permissions than
their workload requires. If such an application was compromised, the permissions would
enable the attacker to perform further attacks against the container or host.

Subtasks (To be evaluated one by one)

• Pods have no associated network policies.
• Dockerfiles have base image references that use the latest tag.
• Container image references use the latest tag, or no tag, instead of a named tag
  or a digest.
• Resource (CPU, memory) limits are not set.
• Containers have allowPrivilegeEscalation unset.
• Containers are not configured to use a read-only filesystem.
• Containers run as the root user, and have privileged capabilities.
• Seccomp profiles are not enabled on containers.
• Service account tokens are mounted on pods where they may not be needed.

Recommendations

[manusa]

The security audit has now concluded and results have been published:

• Eclipse jkube addition trailofbits/publications#268
• https://github.com/trailofbits/publications/blob/master/reviews/2023-05-eclipse-jkube-securityreview.pdf
• https://ostif.org/jkube-audit/
• https://ostif.org/wp-content/uploads/2023/09/Eclipse-JKube-Threat-Model-and-Code-Review-Report.pdf
• https://blogs.eclipse.org/post/mika%C3%ABl-barbero/eclipse-foundation-publishes-results-eclipse-jkube-security-audit