Tiller (Helm v2) Is Deployed

  • Query id: 6d173be7-545a-46c6-a81d-2ae52ed1605d
  • Query name: Tiller (Helm v2) Is Deployed
  • Platform: Kubernetes
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

Check if Tiller is deployed.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
--- 
apiVersion: extensions/v1beta1
kind: Deployment
metadata: 
  labels: 
    app: helm
    name: tiller
  name: tiller-deploy
spec: 
  containers: 
    - 
      image: tiller-image
      name: tiller-v1
  template: 
    metadata: 
      labels: 
        app: helm
        name: tiller
    spec: 
      containers: 
        - 
          args: 
            - "--listen=10.7.2.8:44134"
          image: tiller-image
          name: tiller-v2
          ports: 
            - 
              containerPort: 44134
              name: tiller
              protocol: TCP
            - 
              containerPort: 44135
              name: http
              protocol: TCP
      serviceAccountName: tiller

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
    - name: sec-ctx-vol
  containers:
    - name: sec-ctx-demo
      image: busybox
      command: [ "sh", "-c", "sleep 1h" ]
      volumeMounts:
        - name: sec-ctx-vol
          mountPath: /data/demo
      securityContext:
        allowPrivilegeEscalation: false
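
The check described above, sketched as an added example (not the query's own code, which this page does not show): it walks a manifest already parsed into a dict and reports the name, label and image fields that mention Tiller. The function names and the substring matching rule are assumptions, and the two inputs are constructed from the samples above.

```python
# Added example: heuristic Tiller check over manifests already parsed into dicts.
# The matching rule is an assumption for illustration, not the scanner's own query.

def _hits(path, value):
    """Return a one-item finding list when a manifest value mentions Tiller."""
    return [f"{path}={value}"] if "tiller" in str(value).lower() else []

def tiller_findings(doc):
    """List every place in one manifest that identifies a Tiller workload."""
    meta = doc.get("metadata") or {}
    spec = doc.get("spec") or {}
    template = spec.get("template") or {}
    found = _hits("metadata.name", meta.get("name", ""))
    label_sets = {
        "metadata.labels": meta.get("labels"),
        "spec.template.metadata.labels": (template.get("metadata") or {}).get("labels"),
    }
    for path, labels in label_sets.items():
        for key, value in (labels or {}).items():
            found += _hits(f"{path}.{key}", value)
    # Pod manifests keep containers under spec; workloads keep them under spec.template.spec.
    pod_specs = {"spec": spec, "spec.template.spec": template.get("spec") or {}}
    for path, pod_spec in pod_specs.items():
        for kind in ("initContainers", "containers"):
            for c in pod_spec.get(kind) or []:
                found += _hits(f"{path}.{kind}[{c.get('name')}].image", c.get("image", ""))
    return found

# Constructed inputs: the page's positive and negative samples, trimmed to the checked fields.
POSITIVE = {
    "kind": "Deployment",
    "metadata": {"name": "tiller-deploy", "labels": {"app": "helm", "name": "tiller"}},
    "spec": {
        "containers": [{"name": "tiller-v1", "image": "tiller-image"}],
        "template": {
            "metadata": {"labels": {"app": "helm", "name": "tiller"}},
            "spec": {"containers": [{"name": "tiller-v2", "image": "tiller-image"}]},
        },
    },
}
NEGATIVE = {
    "kind": "Pod",
    "metadata": {"name": "security-context-demo"},
    "spec": {"containers": [{"name": "sec-ctx-demo", "image": "busybox"}]},
}

if __name__ == "__main__":
    for name, doc in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(name, tiller_findings(doc))
```

Substring matching will also flag unrelated resources that happen to contain "tiller" in a name or label, so treat each finding as a prompt to inspect the workload.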