Control: 7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters
A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods. The Kubernetes Network Policy API allows the cluster administrator to specify what pods are allowed to communicate with each other.
Only the Terway network plugin supports the Network Policy feature, so make sure not to choose Flannel as the network plugin when creating the cluster.
- Log on to the ACK console.
- Click the Create Kubernetes Cluster button and select
Run the control in your terminal:
steampipe check alicloud_compliance.control.cis_v100_7_7
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share alicloud_compliance.control.cis_v100_7_7
This control uses a named query: cs_kubernetes_cluster_network_policy_enabled