Kubernetes (K8S) Misconfiguration

| Name | Id | Description |
| --- | --- | --- |
| K8S Dashboard Present | k8s-dashboard-present | Ensure the Kubernetes dashboard is not deployed |
| K8S Docker Daemon | k8s-docker-daemon | Do not expose the Docker daemon socket to containers |
| K8S Host Namespace | k8s-host-namespace | Containers should not share the host namespaces |
| K8S Immutable Image | k8s-immutable-image | Image tag should be fixed, not latest or blank |
| K8S Podsecuritypolicy Defined | k8s-podsecuritypolicy-defined | Ensure that if a Pod Security Policy exists, it enforces best practices |
| K8S Rbac Wildcards | k8s-rbac-wildcards | Minimize wildcard use in Roles and ClusterRoles |
| K8S Resources Defined | k8s-resources-defined | CPU and memory requests and limits should be set |
| K8S Securitycontext Capabilities | k8s-securitycontext-capabilities | Minimize the admission of containers with added capabilities |
| K8S Securitycontext Defined | k8s-securitycontext-defined | Apply security context to your pods and containers |
| K8S Securitycontext Privileged | k8s-securitycontext-privileged | Containers should not be privileged |
| K8S Serviceaccount Default | k8s-serviceaccount-default | Ensure that default service accounts are not actively used |
| K8S Tiller Present | k8s-tiller-present | Ensure that Tiller (Helm v2) is not deployed |