Control: Kubernetes clusters should not allow container privilege escalation
Description
Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_cluster_container_privilege_escalation_restrictedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.kubernetes_cluster_container_privilege_escalation_restricted --shareSQL
This control uses a named query:
manual_control