AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0056 | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0057 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0058 | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0064 | Apply Security Context to Your Pods and Containers | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0066 | Ensure that a minimal audit policy is created | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
AC_K8S_0069 | Ensure that every container image has a hash digest in all Kubernetes workloads | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
AC_K8S_0071 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes workloads | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
AC_K8S_0073 | Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0075 | Minimize the admission of containers with the NET_RAW capability | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0076 | Ensure mounting of hostPaths is disallowed in Kubernetes workload configuration | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0078 | Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0079 | Ensure containers run with a high UID usually > 1000 to avoid host conflict | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0080 | Ensure that the seccomp profile is set to docker/default in pod definitions | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0083 | Minimize the admission of containers wishing to share the host IPC namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0084 | Minimize the admission of containers wishing to share the host network namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0085 | Minimize the admission of containers with allowPrivilegeEscalation | Kubernetes | Compliance Validation | HIGH |
AC_K8S_0086 | The default namespace should not be used | Kubernetes | Security Best Practices | LOW |
AC_K8S_0087 | Minimize the admission of root containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0089 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0093 | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0096 | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0097 | Ensure CPU request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0099 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0100 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |