Mod-security paranoia level not taking in K8s implementation

11/10/2020

I'm deploying franbuehler/modsecurity-crs-rp (https://hub.docker.com/r/franbuehler/modsecurity-crs-rp) in a Kubernetes pod in front of a web app from a manifest YAML file. It's prep for a class on this subject I'll be teaching in a couple of weeks. No matter how high I set the paranoia level, it still seems to just use the default of paranoia_level 1. This is evidenced by the fact that the reports generated by the attacker application (Zed Attack Proxy) are identical no matter which paranoia level I choose. At P4 it should be locked down tight, but it's showing the same vulnerabilities as when I use P1. When executing the same thing locally with Docker, the reports change drastically when the paranoia level goes from 1 to 2.

Below is the pertinent snippet from the manifest. It does not err when I do the kubectl apply. And I can verify the other env variables are working, as I can access my web app from the www. Audit logs inside the running container seem to indicate no errors regarding paranoia; they just reconfirm that the paranoia level is indeed set to '1' despite me explicitly setting it to '4' in the YAML file.

I've tried several variations on the below, including switching to 'paranoia_level', 'EXECUTING_PARANOIA', etc., to no avail. Is the below not the correct way to do this in Kubernetes?

    spec:
      containers:
      - name: waf
        image: franbuehler/modsecurity-crs-rp
        ports:
        - name: default
          containerPort: 8001
        env:
        - name: PROXY
          value: "1"
        - name: BACKEND
          value: "http://127.0.0.1:3000/"
        - name: PARANOIA
          value: "4"
-- tnunu
kubernetes
mod-security

1 Answer

5/4/2021

See my answer in the issue in the related GitHub repo:

https://github.com/franbuehler/modsecurity-crs-rp/issues/5

There I write that I no longer actively maintain my image and refer to the official CRS Docker image.

-- franbuehler
Source: StackOverflow
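
A way to confirm which paranoia level a WAF container's configuration actually applies, without relying on scanner reports (an added example, not part of the question or answer above and not code from the image's project). It reads the text of a CRS setup file copied out of the container and reports the level set by the last active `SecAction`, falling back to the CRS default of 1. The two sample configs are constructed, the function names are hypothetical, and the location of the setup file inside the image is not assumed.

```python
import re

# CRS 3.x sets tx.paranoia_level; CRS 4.x sets tx.blocking_paranoia_level.
PL_SETVAR = re.compile(r"setvar:'?tx\.(?:blocking_)?paranoia_level=(\d+)", re.I)
CRS_DEFAULT_PL = 1  # level CRS uses when the setup file sets none

# Constructed sample: the setting exists only as a commented-out template.
TEMPLATE_ONLY = r'''
#SecAction \
#  "id:900000,\
#   phase:1,nolog,pass,t:none,\
#   setvar:tx.paranoia_level=4"
'''

# Constructed sample: the same block, active.
ACTIVE_PL4 = r'''
SecAction \
  "id:900000,\
   phase:1,nolog,pass,t:none,\
   setvar:tx.paranoia_level=4"
'''


def active_directives(conf_text):
    """Yield uncommented directives, joining backslash continuations."""
    parts = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments, including commented templates, have no effect
        parts.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield " ".join(parts)
            parts = []
    if parts:
        yield " ".join(parts)


def effective_paranoia(conf_text):
    """Return the level set by the last active SecAction, else the default."""
    level = CRS_DEFAULT_PL
    for directive in active_directives(conf_text):
        match = PL_SETVAR.search(directive)
        if directive.lower().startswith("secaction") and match:
            level = int(match.group(1))  # a later SecAction overrides an earlier one
    return level


def check(conf_text, requested):
    """Compare the manifest's requested level with the rendered config."""
    actual = effective_paranoia(conf_text)
    return actual == requested, f"requested PL{requested}, config applies PL{actual}"
```

Feed `check()` the setup file text obtained with `kubectl exec` from the `waf` container together with the value from the manifest's `PARANOIA` entry; a `False` result means the environment variable never reached the rule configuration.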