
Deployment/metrics-server (kubernetes)
======================================
Tests: 1 (SUCCESSES: 1, FAILURES: 0)
Failures: 0 ()

MEDIUM: Container 'metrics-server' of Deployment 'metrics-server' should set 'securityContext.allowPrivilegeEscalation' to false
════════════════════════════════════════
A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

See https://avd.aquasec.com/misconfig/ksv001
────────────────────────────────────────
 Deployment/metrics-server:132-140
────────────────────────────────────────
 132 ┌                 - image: rancher/metrics-server:v0.3.6
 133 │                   imagePullPolicy: IfNotPresent
 134 │                   name: metrics-server
 135 │                   resources: {}
 136 │                   terminationMessagePath: /dev/termination-log
 137 │                   terminationMessagePolicy: File
 138 │                   volumeMounts:
 139 │                     - mountPath: /tmp
 140 └                       name: tmp-dir
────────────────────────────────────────



Deployment/metrics-server (kubernetes)
======================================
Tests: 1 (SUCCESSES: 1, FAILURES: 0)
Failures: 0 ()

LOW: Container 'metrics-server' of Deployment 'metrics-server' should add 'ALL' to 'securityContext.capabilities.drop'
════════════════════════════════════════
The container should drop all default capabilities and add only those that are needed for its execution.

See https://avd.aquasec.com/misconfig/ksv003
────────────────────────────────────────
 Deployment/metrics-server:132-140
────────────────────────────────────────
 132 ┌                 - image: rancher/metrics-server:v0.3.6
 133 │                   imagePullPolicy: IfNotPresent
 134 │                   name: metrics-server
 135 │                   resources: {}
 136 │                   terminationMessagePath: /dev/termination-log
 137 │                   terminationMessagePolicy: File
 138 │                   volumeMounts:
 139 │                     - mountPath: /tmp
 140 └                       name: tmp-dir
────────────────────────────────────────


