Ensure that pod security policy is enabled for Azure Kubernetes Cluster

HIGH

Description

Disabling pod security policy in Azure Kubernetes Cluster may lead to unauthorized access.

Remediation

The Pod Security Policy feature was removed from Kubernetes and is no longer available in AKS.

In Terraform -
In Provider versions prior to 2.x (deprecated):

  1. In the azurerm_kubernetes_cluster resource, add a network_profile block.
  2. Set the network_profile.network_policy field to either azure or calico.
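
The following Terraform configuration is an added example, not part of this policy page or of the azurerm provider's documentation. It shows an azurerm_kubernetes_cluster resource without the settings this rule checks beside one that applies the remediation steps above: a network_profile block with network_policy set, together with the enable_pod_security_policy argument that the linked 1.44.0 provider reference documents (provider 1.x syntax, deprecated). The resource names, location, node size and the role_based_access_control block are assumptions chosen for illustration; role_based_access_control is included because the 1.x provider required RBAC to be enabled alongside pod security policy.

```hcl
# Added example (not from the policy page). Names, location and sizes are
# constructed placeholders; provider 1.x syntax as referenced on the page.

# Non-compliant: no network_profile block, pod security policy left disabled.
resource "azurerm_kubernetes_cluster" "insecure" {
  name                = "example-aks"
  location            = "eastus"
  resource_group_name = "example-rg"
  dns_prefix          = "example-aks"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}

# Compliant (provider 1.x, deprecated): network_profile.network_policy set to
# calico (azure is the other accepted value) and pod security policy enabled.
resource "azurerm_kubernetes_cluster" "secure" {
  name                = "example-aks"
  location            = "eastus"
  resource_group_name = "example-rg"
  dns_prefix          = "example-aks"

  # Assumed: the 1.x provider required RBAC for pod security policy.
  role_based_access_control {
    enabled = true
  }

  enable_pod_security_policy = true

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin = "azure"
    network_policy = "calico"
  }
}
```

Running terraform plan against the second resource shows the network_profile and enable_pod_security_policy values in the planned attributes, which is the quickest way to confirm the setting is present before the scanner evaluates the configuration. On provider 2.x and later the enable_pod_security_policy argument is no longer available, so only the network_profile block remains applicable there.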

References:
https://kubernetes.io/docs/concepts/security/pod-security-policy/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
https://registry.terraform.io/providers/hashicorp/azurerm/1.44.0/docs/resources/kubernetes_cluster#enable_pod_security_policy

Policy Details

Rule Reference ID: AC_AZURE_0157
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks