Azure Kubernetes Deployment of Rasa X Helmchart Security Recommendations

Within my deployment I have high priority security recommendations from azure kubernetes deployment. I have some issues dealing with them as the rasa x helmchart doesn’t provide some parameters to solve these issues. Such as

Running containers as root user should be avoided Remediation

  1. From the Unhealthy resources tab, select the cluster. Defender for Cloud lists the pods running containers missing the ‘MustRunAsNonRoot’ rule.
  2. For these pods, ensure the runAsUser property is set to a non-zero value. Trying to set runAsNotRoot to true will result in a deployment error.
  3. After making your changes, redeploy the pod with the updated rule. And adding it does not change anything

RunAsUser parameter is not found in the following pods This parameter is not found in the rasa-x values file of all of these pods rasa-x worker production nginx event-service duckling db-migration app

Kubernetes Clusters Should Disable Automounting API Credentials Solution adding the following parameter resolves it automountServiceAccountToken: false

These pods once again do not have that value Postgresql (postgresql 8.6.13 · bitnami/bitnami) rabbitmq (rabbitmq 6.19.2 · bitnami/bitnami) redis (redis 10.5.14 · bitnami/bitnami)

Overriding or disabling of containers AppArmor profile should be restricted solution

annotations: runtime/default

problem: Annotations not available for all except rabbitmq