Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub
Loading controls...

Control: 7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters

Description

A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods. The Kubernetes Network Policy API allows the cluster administrator to specify what pods are allowed to communicate with each other.

Remediation

Only the Terway network plugin support the Network Policy feature, so please make sure not choose Flannel as network plugin when creating cluster.

From Console

  1. Logon to ACK console.
  2. Click the Create Kubernetes Cluster button and select Terway in Network Plugin option.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_7_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_7_7 --share

SQL

This control uses a named query:

cs_kubernetes_cluster_network_policy_enabled

Tags

category = Compliance
cis = true
cis_item_id = 7.7
cis_level = 1
cis_section_id = 7
cis_type = automated
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ACK