Read environment variable from proc files

​

Event Information

​

Meaning

• The “Read environment variable from proc files” event in a Kubernetes cluster indicates that a process running within a container is attempting to read environment variables from the /proc filesystem.
• This event could potentially indicate a security concern, as reading environment variables from /proc can expose sensitive information such as passwords or API keys.
• To investigate this event, you can use the kubectl command to check the logs of the container where the event occurred. For example, you can use “kubectl logs <pod_name> -c <container_name>” to view the logs and look for any suspicious activity related to reading environment variables from /proc.

​

Remediation

1. Create a Kubernetes ConfigMap to store the environment variables:

   • Create a YAML file named configmap.yaml with the following content:

     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: env-vars
     data:
       MY_ENV_VAR: <value>
     

   • Replace <value> with the desired value for the environment variable.
   • Apply the ConfigMap using the following command:

     kubectl apply -f configmap.yaml
     

2. Update the deployment to use the ConfigMap:

   • Modify the YAML file of the deployment that reads the environment variable from /proc files.
   • Add the envFrom field under the spec.template.spec.containers section:

     envFrom:
       - configMapRef:
           name: env-vars
     

   • Apply the updated deployment using the following command:

     kubectl apply -f deployment.yaml
     

3. Verify the environment variable is being read correctly:

   • Check the logs of the pod associated with the deployment to ensure the environment variable is being read correctly.

     kubectl logs <pod-name>
     

   • Look for the output that confirms the environment variable value is as expected.

Note: Make sure to replace <pod-name> with the actual name of the pod associated with the deployment.