website logo
⌘K
ContainIQ Overview
Installing ContainIQ
Sending Fargate Logs to ContainIQ
Sending Logs from a Sidecar Container
Git Integration
Prometheus Integration
Requirements
Using ContainIQ
Security
Docs powered by
Archbee

Security

4min

Service Account Permissions

Our agent needs permission to get, watch and list all resources in the core and metrics API groups. See below for our service agent's permissions.

YAML
|
rules:
  - apiGroups: ["", "metrics.k8s.io"]
    resources: ["*"]
    verbs: ["get","watch","list"]


Daemonset Permissions

Our daemonset utilizes eBPF to instrument at the kernel level. This allows to capture application level data with out the installation of any application level packages. Unfortunately this added insight does come at a cost. Our daemonset requires the container to be ran as privileged. Fortunately in Linux 5.8 the capability "BPF" was added allowing us to capture these lower level insights without as permissive privileges.

SOC 2

ContainIQ’s SOC 2 readiness report can be accessed via SafeBase and found here.

Questions / Disclosures / Comments

security@containiq.com

More coming soon.....

Updated 03 Mar 2023
Did this page help you?
PREVIOUS
Using ContainIQ
Docs powered by
Archbee
TABLE OF CONTENTS
Service Account Permissions
Daemonset Permissions
SOC 2
Questions / Disclosures / Comments
Docs powered by
Archbee