turbot/alicloud_compliance

Control: 7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters

Description

A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods. The Kubernetes Network Policy API allows the cluster administrator to specify what pods are allowed to communicate with each other.

Remediation

Only the Terway network plugin support the Network Policy feature, so please make sure not choose Flannel as network plugin when creating cluster.

From Console

  1. Logon to ACK console.
  2. Click the Create Kubernetes Cluster button and select Terway in Network Plugin option.

Usage

steampipe check alicloud_compliance.control.cis_v100_7_7

SQL

This control uses a named query:

cs_kubernetes_cluster_network_policy_enabled

Tags