Control: Kubernetes cluster pods and containers should only run with approved user and group IDs
Description
Control the user, primary group, supplemental group and file system group IDs that pods and containers can use to run in a Kubernetes cluster. This recommendation is part of Pod Security Policies, which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id --share
SQL
This control uses a named query:
manual_control
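
One way to review the four ID settings named in the description against an approved range, as an added example that is not part of the Powerpipe mod. The approved ranges, the sample pods and the function names are assumptions made for illustration; the fields checked are the pod and container `securityContext` fields `runAsUser`, `runAsGroup`, `fsGroup` and `supplementalGroups`.

```python
# Assumed approved ID ranges (inclusive); replace with your organization's policy.
APPROVED = {field: [(1000, 65535)] for field in
            ("runAsUser", "runAsGroup", "fsGroup", "supplementalGroups")}

# Constructed sample in the shape of a Kubernetes PodList (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"name": "web"},
     "spec": {"securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000},
              "containers": [{"name": "app"},
                             {"name": "sidecar", "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"name": "batch"},
     "spec": {"securityContext": {"supplementalGroups": [0, 4000]},
              "containers": [{"name": "job", "securityContext": {"runAsUser": 1500}}]}},
]}

def _allowed(value, ranges):
    return any(lo <= value <= hi for lo, hi in ranges)

def audit_pod(pod, approved=APPROVED):
    """Return (location, field, value) findings for one pod object."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    # fsGroup and supplementalGroups are set only at pod level.
    groups = [("fsGroup", pod_sc.get("fsGroup"))]
    groups += [("supplementalGroups", g) for g in pod_sc.get("supplementalGroups") or []]
    for field, value in groups:
        if value is not None and not _allowed(value, approved[field]):
            findings.append((name, field, value))
    # Container-level runAsUser/runAsGroup override the pod-level values.
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        c_sc = c.get("securityContext") or {}
        for field in ("runAsUser", "runAsGroup"):
            value = c_sc.get(field, pod_sc.get(field))
            if value is None:
                # Unset: the ID comes from the image or runtime default, so it is not pinned.
                findings.append((f"{name}/{c['name']}", field, "unset"))
            elif not _allowed(value, approved[field]):
                findings.append((f"{name}/{c['name']}", field, value))
    return findings

def audit_cluster(pod_list, approved=APPROVED):
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod, approved)]

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print(finding)
```

For a live cluster, pass the parsed output of `kubectl get pods -A -o json` to `audit_cluster` in place of `SAMPLE`.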