Apply Security Context to Your Pods and Containers. Details: Apply Security Context to Your Pods and Containers. Rationale: A security context defines the operating system security settings (uid,...
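As an added illustration (not part of the benchmark page or its reference implementation), the manifest below shows the permissive shape this control warns about next to the same pod with an explicit security context at both pod and container level. Pod names, the image reference and the uid/gid values are assumed:

```yaml
# Added example, not from the benchmark page. Pod names, image and ids are assumed.
# Document 1: the permissive shape the control warns about.
apiVersion: v1
kind: Pod
metadata:
  name: app-unsafe
spec:
  containers:
  - name: app
    image: registry.example.com/app:1.2.3
    securityContext:
      privileged: true          # full access to host devices and capabilities
---
# Document 2: the same pod with an explicit security context.
apiVersion: v1
kind: Pod
metadata:
  name: app-hardened
spec:
  securityContext:              # pod-level: inherited by every container
    runAsNonRoot: true          # kubelet refuses to start an image that runs as uid 0
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001              # mounted volumes are group-owned by this gid
  containers:
  - name: app
    image: registry.example.com/app:1.2.3
    securityContext:            # container-level: overrides the pod-level values
      privileged: false
      allowPrivilegeEscalation: false   # blocks setuid binaries and file capabilities
      readOnlyRootFilesystem: true      # writes go only to the volume below
      capabilities:
        drop: ["ALL"]
        add: ["NET_BIND_SERVICE"]       # only if the process binds a port below 1024
    volumeMounts:
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}
```

Check the result after deployment with `kubectl get pod app-hardened -o jsonpath='{.spec.containers[*].securityContext}'`: the container-level block is what the runtime enforces, so a permissive container-level setting silently wins over a strict pod-level one.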
Configure Image Provenance using ImagePolicyWebhook admission controller. Details: Configure Image Provenance for your deployment. Rationale: Kubernetes supports plugging in provenance rules to accept or reject the images...
Configure Network policies as appropriate. Details: Configure Network policies as appropriate. Rationale: The Network Policy API is now stable. Network policy, implemented through a network...
Create network segmentation using Network Policies. Details: Use network policies to isolate your cluster network. Rationale: Running different applications on the same Kubernetes cluster creates a...
Ensure that a unique Certificate Authority is used for etcd. Details: Use a different certificate authority for etcd from the one used for Kubernetes. Rationale: etcd is a highly available...
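As an added example (not from the benchmark page), the two halves of the configuration: etcd trusting only its own CA for client and peer connections, and kube-apiserver presenting a client certificate issued by that CA, expressed here as a kubeadm ClusterConfiguration that kubeadm renders into the `--etcd-cafile`, `--etcd-certfile` and `--etcd-keyfile` flags. Hostnames, addresses and paths are assumed:

```yaml
# Added example, not from the benchmark page. Addresses and paths are assumed.
# etcd side: /etc/etcd/etcd.conf.yml, loaded with `etcd --config-file`.
# Every certificate here chains to the etcd CA, never to the cluster CA.
name: etcd-1
data-dir: /var/lib/etcd
listen-client-urls: https://10.0.0.11:2379
advertise-client-urls: https://10.0.0.11:2379
listen-peer-urls: https://10.0.0.11:2380
initial-advertise-peer-urls: https://10.0.0.11:2380
initial-cluster: etcd-1=https://10.0.0.11:2380
initial-cluster-state: new
client-transport-security:
  cert-file: /etc/etcd/pki/server.crt
  key-file: /etc/etcd/pki/server.key
  client-cert-auth: true                       # every client must present a cert...
  trusted-ca-file: /etc/etcd/pki/etcd-ca.crt   # ...issued by the etcd CA only
peer-transport-security:
  cert-file: /etc/etcd/pki/peer.crt
  key-file: /etc/etcd/pki/peer.key
  client-cert-auth: true
  trusted-ca-file: /etc/etcd/pki/etcd-ca.crt
---
# kube-apiserver side, as a kubeadm ClusterConfiguration for external etcd.
# The cluster CA at /etc/kubernetes/pki/ca.crt is not referenced anywhere here.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
etcd:
  external:
    endpoints:
    - https://10.0.0.11:2379
    caFile: /etc/kubernetes/pki/etcd/ca.crt               # copy of etcd-ca.crt
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key
```

To confirm the CAs are really distinct, run `openssl verify -CAfile /etc/kubernetes/pki/etcd/ca.crt /etc/kubernetes/pki/apiserver-etcd-client.crt` (expected to succeed) and the same command with `-CAfile /etc/kubernetes/pki/ca.crt` (expected to fail). If both succeed, one CA is signing for both trust domains and any certificate the cluster CA has issued, including every kubelet's, can authenticate to etcd.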
Ensure that the seccomp profile is set to docker/default in your pod definitions. Details: Enable ‘docker/default’ seccomp profile in your pod definitions. Rationale: Seccomp (secure computing mode) is used to restrict the set...
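As an added example (not from the benchmark page), the annotation form this control names next to the `securityContext.seccompProfile` field that replaced it. The annotation was deprecated in Kubernetes 1.19 and removed in 1.25; `RuntimeDefault` selects the container runtime's default profile, which is `docker/default` under Docker and the equivalent profile under containerd or CRI-O. Pod names, the image and the custom profile path are assumed:

```yaml
# Added example, not from the benchmark page. Names, image and profile path are assumed.
# Document 1: legacy annotation form (deprecated in 1.19, removed in 1.25).
apiVersion: v1
kind: Pod
metadata:
  name: app-seccomp-annotation
  annotations:
    seccomp.security.alpha.kubernetes.io/pod: docker/default
spec:
  containers:
  - name: app
    image: registry.example.com/app:1.2.3
---
# Document 2: field form (Kubernetes 1.19 and later).
apiVersion: v1
kind: Pod
metadata:
  name: app-seccomp-field
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault               # pod-wide: the runtime's default profile
  containers:
  - name: app
    image: registry.example.com/app:1.2.3
  - name: sidecar
    image: registry.example.com/sidecar:0.9.0
    securityContext:
      seccompProfile:
        type: Localhost                  # container-level override: custom profile
        localhostProfile: profiles/sidecar.json   # relative to the kubelet seccomp root
```

Unless the kubelet is configured to apply a default profile, a pod that sets neither the annotation nor the field runs with seccomp unconfined, so an audit should flag absence of the setting, not only `type: Unconfined`.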
Place compensating controls in the form of PSP and RBAC for privileged containers usage – clusterrolebinding. Details: Use Pod Security Policies (PSP) and RBAC authorization to mitigate the risk arising from using privileged containers. Rationale: A...
Place compensating controls in the form of PSP and RBAC for privileged containers usage – psp. Details: Use Pod Security Policies (PSP) and RBAC authorization to mitigate the risk arising from using privileged containers. Rationale: A...
Place compensating controls in the form of PSP and RBAC for privileged containers usage – rolebinding. Details: Use Pod Security Policies (PSP) and RBAC authorization to mitigate the risk arising from using privileged containers. Rationale: A...