You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Istio uses the user/group of 1337 as a special user/group meant for the sidecar only. Allowing access to run as this user/group can provide an pathway of attack/way to bypass the sidecar.
We should add a new policy to block usage of this user/group except by the istio proxy. This policy should also have an exemption for consistency, likely called something like RestrictIstioUser.
The text was updated successfully, but these errors were encountered:
Istio uses the user/group of 1337 as a special user/group meant for the sidecar only. Allowing access to run as this user/group can provide an pathway of attack/way to bypass the sidecar.
We should add a new policy to block usage of this user/group except by the istio proxy. This policy should also have an exemption for consistency, likely called something like
RestrictIstioUser.The text was updated successfully, but these errors were encountered: