Action Item: Host Network Should Not Be Configured

Learn how to check your host network configurations with Fairwinds Insights.

Transcript

Hello everyone. My name is Munib Ali. I'm the Engineering Manager here at Fairwinds.

Today, I'm going to be talking about how to resolve the Insights action item, "Host network should not be configured".

Insights scans your Kubernetes resources to determine if there is configuration that needs to be updated based off best practices and common standards. In our case, "Host network should not be configured" is considered an action item because a pod running with that attribute set to true will have access to the loopback device, services listening on localhost, and can also be used to snoop on network traffic on other pods in the same node.

We will look at that action item and how we can resolve it.

On the bottom of my screen, you're looking at the Fairwinds Insights user interface. I have this filtered on my cluster and that specific action item. If I click on the first action item, to the right pops up some useful information so I can remediate this. What I can see is the namespace, fw-prometheus, the kind, which is a DaemonSet, and the resource name. We have a little description of the action item, as well as remediation. In our example, it's to not configure the host network attribute. On the top, you'll see my terminal. I'm going to go into the cluster and I'm going to pull that YAML file for that specific resource to see exactly where that attribute is set to true.

If you see here, I'm going to get the DaemonSet for the node explorer in the Fairwinds Prometheus namespace and pull the YAML file. Okay, and then if I scroll up here, I see the host network is set to 'true'. I would need to remove this or set this to 'false' in order to remediate this action item.

Now, there are some cases where you will need this to be set to 'true'. For example, final is a tool that requires this to be set to 'true'. Insights has a way to resolve this. If you click on the three circles right here on the top right, and you click on resolve, you can choose "working as intended". That way Insights recognizes that this is how the deployment should be configured and it will not pop up on your action items list. That is how we resolve the Insights action item, "Host network should not be configured".

Thanks for watching.
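
The manual check shown in the video (pull the resource and look for the host network attribute) can be run across many resources at once. The following is an added example, not part of the video or of Fairwinds Insights: it walks JSON shaped like `kubectl get ... -o json` output and reports every workload whose pod spec sets `hostNetwork: true`. The sample data and resource names are constructed; only the `fw-prometheus` namespace and the DaemonSet kind come from the transcript.

```python
import json

# Path from a resource's top level to its pod spec, by kind.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}
# Deployment, DaemonSet, StatefulSet, ReplicaSet and Job all use this path.
TEMPLATE_PATH = ("spec", "template", "spec")


def pod_spec(resource):
    """Return the pod spec dict of a workload resource, or {} if absent."""
    node = resource
    for key in POD_SPEC_PATHS.get(resource.get("kind"), TEMPLATE_PATH):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return {}
    return node if isinstance(node, dict) else {}


def find_host_network(doc):
    """List (namespace, kind, name) for every resource with hostNetwork: true."""
    is_list = doc.get("kind", "").endswith("List")
    items = doc.get("items", []) if is_list else [doc]
    hits = []
    for res in items:
        if pod_spec(res).get("hostNetwork") is True:
            meta = res.get("metadata", {})
            hits.append((meta.get("namespace", "default"), res.get("kind"), meta.get("name")))
    return hits


# Constructed sample; all resource names are placeholders.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "DaemonSet", "metadata": {"namespace": "fw-prometheus", "name": "example-daemonset"},
   "spec": {"template": {"spec": {"hostNetwork": true, "containers": []}}}},
  {"kind": "Deployment", "metadata": {"namespace": "web", "name": "example-api"},
   "spec": {"template": {"spec": {"containers": []}}}},
  {"kind": "CronJob", "metadata": {"namespace": "batch", "name": "example-job"},
   "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": true}}}}}},
  {"kind": "Pod", "metadata": {"namespace": "web", "name": "example-pod"},
   "spec": {"hostNetwork": false}}
]}
""")

if __name__ == "__main__":
    for ns, kind, name in find_host_network(SAMPLE):
        print(f"{ns}/{kind}/{name}: hostNetwork is true")
```
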