turbot/azure_compliance

Control: Kubernetes cluster pods and containers should only run with approved user and group IDs

Description

Control the user, primary group, supplemental group, and file system group IDs that pods and containers can use to run in a Kubernetes cluster. This recommendation is part of Pod Security Policies, which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes.
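
One way to review pod manifests against the four ID types named above, as an added example that is not part of the azure_compliance mod or the Azure policy. The approved ranges, the check_pod helper and the sample manifests are assumptions made for illustration.

```python
# Added example. The approved ID ranges are assumptions, not values from the policy.
APPROVED = {field: [(1000, 65535)] for field in
            ("runAsUser", "runAsGroup", "supplementalGroups", "fsGroup")}

def _in_ranges(value, ranges):
    return any(lo <= value <= hi for lo, hi in ranges)

def check_pod(pod, approved=APPROVED):
    """Return findings for one pod manifest already parsed into a dict."""
    findings = []
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    # fsGroup and supplementalGroups exist only at pod level.
    fs_group = pod_sc.get("fsGroup")
    if fs_group is not None and not _in_ranges(fs_group, approved["fsGroup"]):
        findings.append(f"pod: fsGroup {fs_group} not approved")
    for gid in pod_sc.get("supplementalGroups") or []:
        if not _in_ranges(gid, approved["supplementalGroups"]):
            findings.append(f"pod: supplementalGroups {gid} not approved")
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        c_sc = c.get("securityContext") or {}
        for field in ("runAsUser", "runAsGroup"):
            # A container-level value overrides the pod-level one.
            value = c_sc.get(field, pod_sc.get(field))
            if value is None:
                # Unset: the image/runtime default applies, which may be 0 (root).
                findings.append(f"{c['name']}: {field} not set")
            elif not _in_ranges(value, approved[field]):
                findings.append(f"{c['name']}: {field} {value} not approved")
    return findings

# Constructed sample manifests (not from a real cluster).
GOOD_POD = {"spec": {
    "securityContext": {"runAsUser": 1000, "runAsGroup": 3000,
                        "fsGroup": 2000, "supplementalGroups": [4000]},
    "containers": [{"name": "app"}]}}
BAD_POD = {"spec": {
    "securityContext": {"runAsUser": 1000, "fsGroup": 0},
    "containers": [{"name": "app"},
                   {"name": "sidecar",
                    "securityContext": {"runAsUser": 0, "runAsGroup": 2000}}]}}

if __name__ == "__main__":
    for finding in check_pod(BAD_POD):
        print(finding)
```

The sidecar case shows why each container has to be checked separately: its own securityContext replaces the compliant pod-level runAsUser.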

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id --share

SQL

This control uses a named query:

manual_control

Tags