Troubleshooting container issues

The following table lists issues and recommendations for deploying IBM Sterling Control Center in a containerized environment:
Issue: Users can configure the UID/GID of the ccuser during deployment. This UID/GID can be mapped to any known user on the host system where these directories are mounted.
Recommendation: Make sure the UID/GID values specified during deployment map to a secure special user ID.

Issue: An attacker can use a scanner to identify the current version of the Kubernetes cluster and might use the disclosed information to identify security vulnerabilities that can be exploited.
Recommendation: Disable the *--enable-debugging-handlers* kubelet flag.

Issue: Secrets are, by default, stored as unencrypted base64-encoded strings. Base64 is not an encryption method and is considered the same as plain text. If secrets are exposed to the incorrect parties, an attacker may misuse the leaked secrets.
Recommendation:
  • Remove the Secret if it is not used after successful deployment.
  • Enable etcd for the cluster to provide an additional layer of security.
  • Enable or configure RBAC rules that restrict reading and writing the Secret. Be aware that secrets can be obtained implicitly by anyone with the permission to create a Pod.
  • If required, opt for third-party secret management tools.
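
One way to check the RBAC recommendation above, as an added example that is not IBM's code: the script scans Role and ClusterRole objects for rules that allow reading Secrets directly or creating Pods, the implicit path the recommendation warns about. The role names and the secret name in the sample are constructed; real input would be the JSON from `kubectl get roles,clusterroles -A -o json`.

```python
import json

# Constructed sample in the shape of `kubectl get roles,clusterroles -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Role", "metadata": {"name": "cc-deployer", "namespace": "cc"},
   "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "get"]}]},
  {"kind": "Role", "metadata": {"name": "cc-secret-reader", "namespace": "cc"},
   "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
              "resourceNames": ["cc-secret"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "Role", "metadata": {"name": "cc-viewer", "namespace": "cc"},
   "rules": [{"apiGroups": [""], "resources": ["configmaps", "pods"], "verbs": ["get", "list"]}]}
]}
""")

READ_VERBS = {"get", "list", "watch"}


def _matches(rule, resource, verbs):
    """True if an RBAC rule grants any of `verbs` on a core-group `resource`."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    granted = set(rule.get("verbs", []))
    return (bool(groups & {"", "*"})
            and bool(resources & {resource, "*"})
            and bool(granted & (verbs | {"*"})))


def audit_secret_access(role_list):
    """Return (kind, namespace, name, finding) for every role that exposes Secrets."""
    findings = []
    for role in role_list.get("items", []):
        meta = role["metadata"]
        ident = (role["kind"], meta.get("namespace", "<cluster>"), meta["name"])
        for rule in role.get("rules") or []:  # aggregated ClusterRoles may have null rules
            if _matches(rule, "secrets", READ_VERBS):
                scope = ",".join(rule.get("resourceNames", [])) or "all secrets"
                findings.append(ident + (f"direct read: {scope}",))
            if _matches(rule, "pods", {"create"}):
                findings.append(ident + ("implicit: can create Pods that mount secrets",))
    return findings


if __name__ == "__main__":
    for finding in audit_secret_access(SAMPLE):
        print(" / ".join(finding))
```

Roles are only half of the picture: each finding still has to be joined against the RoleBindings and ClusterRoleBindings that reference the role to see which users and service accounts actually hold it.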