CNTR-K8-001360 - Kubernetes must separate user functionality.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Separating user functionality from management functionality is a requirement for all the components within the Kubernetes Control Plane. Without the separation, users may have access to management functions that can degrade the Kubernetes architecture and the services being offered, and can offer a method to bypass testing and validation of functions before introduced into a production environment.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Move any user pods that are present in the Kubernetes system namespaces to user specific namespaces.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R8_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001082, Rule-ID|SV-242417r863992_rule, STIG-ID|CNTR-K8-001360, Vuln-ID|V-242417

Plugin: Unix

Control ID: ae24b2161cfafeb59f02a0de7d8ffba5acaa8ed5930d0ecba00701b4727fdd1e