Apply Security Context to Your Pods and Containers Details Apply Security Context to Your Pods and Containers Rationale: A security context defines the operating system security settings (uid,...
Configure Image Provenance using ImagePolicyWebhook admission controller Details Configure Image Provenance for your deployment. Rationale: Kubernetes supports plugging in provenance rules to accept or reject the images...
Configure Network policies as appropriate Details Configure Network policies as appropriate. Rationale: The Network Policy API is now stable. Network policy, implemented through a network...
Create network segmentation using Network Policies Details Use network policies to isolate your cluster network. Rationale: Running different applications on the same Kubernetes cluster creates a...
Ensure that a unique Certificate Authority is used for etcd Details Use a different certificate authority for etcd from the one used for Kubernetes. Rationale: etcd is a highly available...
Ensure that the seccomp profile is set to docker/default in your pod definitions Details Enable `docker/default` seccomp profile in your pod definitions. Rationale: Seccomp (secure computing mode) is used to restrict the set...