Ensure only allowed volume types are mounted for all Kubernetes workloads

MEDIUM

Description

Some volume types mount host file system paths into the pod or container, which increases the chance that a compromised container can escape to the host.

Remediation

Review the volumes that are mounted using the spec.volumes object in the resource YAML file. For more information on what values are allowed, see the Kubernetes documentation.
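As an added example (not part of this policy page or of any scanner), the following check reports spec.volumes entries whose type is outside the allow-list of the Pod Security Standards "restricted" profile linked below; the manifests are constructed and assumed to be already parsed, as yaml.safe_load would return them.

```python
# Added example, not part of the policy page or any vendor tool: a checker that
# reports spec.volumes entries whose type is outside the allow-list of the
# Kubernetes Pod Security Standards "restricted" profile.

# Volume types the "restricted" profile permits; every other type (hostPath,
# nfs, gcePersistentDisk, ...) is reported.
ALLOWED_VOLUME_TYPES = {
    "configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
    "persistentVolumeClaim", "projected", "secret",
}

# Workload kinds that wrap a PodSpec in spec.template.spec.
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

def pod_spec(manifest):
    """Return the PodSpec of a bare Pod or of a templated workload."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") in TEMPLATED_KINDS:
        return spec.get("template", {}).get("spec", {})
    return spec

def volume_type(volume):
    """The type of one spec.volumes entry is its single key other than 'name'."""
    keys = [k for k in volume if k != "name"]
    return keys[0] if len(keys) == 1 else None

def disallowed_volumes(manifest):
    """Return [(volume name, type)] for volumes not on the allow-list.
    Malformed entries (no type key, or several) are reported as 'malformed'."""
    findings = []
    for vol in pod_spec(manifest).get("volumes") or []:
        vtype = volume_type(vol)
        if vtype is None or vtype not in ALLOWED_VOLUME_TYPES:
            findings.append((vol.get("name", "<unnamed>"), vtype or "malformed"))
    return findings

# Constructed sample manifests, already parsed as yaml.safe_load would return them.
BAD_POD = {"kind": "Pod", "spec": {"volumes": [
    {"name": "host-root", "hostPath": {"path": "/"}},  # mounts the host file system
    {"name": "scratch", "emptyDir": {}},
]}}
FIXED_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {"volumes": [
    {"name": "scratch", "emptyDir": {}},
    {"name": "data", "persistentVolumeClaim": {"claimName": "app-data"}},
    {"name": "creds", "secret": {"secretName": "app-creds"}},
]}}}}
```

Running disallowed_volumes over each manifest flags only the hostPath volume in BAD_POD; the corrected Deployment produces no findings.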

References:
https://kubernetes.io/docs/concepts/security/pod-security-standards/

Policy Details

Rule Reference ID: AC_K8S_0081
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks