Sharing the host process ID namespace breaks the isolation between container images and can make processes visible to other containers in the pod. This includes all information in the /proc directory, which can sometimes include passwords or keys, passed as environment variables.
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-kubernetes:2.3.0 in your build file or by running a shell command (in which case no build changes are needed):
```yaml
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.kubernetes.NoHostProcessIdSharing
displayName: No host process ID sharing
description: Sharing the host process ID namespace breaks the isolation between container images and can make processes visible to other containers in the pod. This includes all information in the /proc directory, which can sometimes include passwords or keys, passed as environment variables.
tags:
  - kubernetes
recipeList:
  - org.openrewrite.kubernetes.AddConfiguration:
      resourceKind: Pod
      configurationPath: $.spec
      value: "hostPID: false"
```