Ensure that the pod security policy is enabled in your AKS cluster

PodSecurityPolicy is an admission controller that validates that a pod specification meets your defined requirements. These requirements may limit the use of privileged containers, access to certain types of storage, or the user or group the container can run as. To improve the security of your AKS cluster, you can limit which pods can be scheduled: pods that request capabilities or resources you don't allow can't run in the AKS cluster. You define this access using pod security policies.

Risk Level: Low
Cloud Entity: Azure AKS
CloudGuard Rule ID: D9.AZU.AKS.03
Covered by Spectral: No
Category: Compute

GSL LOGIC

AksCluster should have properties.enablePodSecurityPolicy=true

REMEDIATION

You can enable or disable pod security policy using the az aks update command.

Reference: https://docs.microsoft.com/en-us/azure/aks/use-pod-security-policies#enable-pod-security-policy-on-an-aks-cluster
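The following script is an added example, not CloudGuard's own tooling or the text of the referenced Microsoft article. It applies the GSL check above to the JSON that `az aks show -o json` returns (the ARM property `properties.enablePodSecurityPolicy` appears there as the top-level camelCase key `enablePodSecurityPolicy`) and, when the check fails, runs the `az aks update --enable-pod-security-policy` remediation. The three JSON documents are constructed samples; `RESOURCE_GROUP` and `CLUSTER_NAME` are placeholder environment variables, and the live path only runs when both are set. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so confirm that the cluster's Kubernetes version still supports it before relying on this control.

```shell
#!/bin/sh
# Added example (not CloudGuard's code): evaluate
# "AksCluster should have properties.enablePodSecurityPolicy=true"
# against `az aks show` output and remediate with `az aks update`.

# Return 0 when the cluster JSON has enablePodSecurityPolicy set to true.
# A POSIX grep is used so the check runs without jq; the key is the
# top-level camelCase field emitted by `az aks show -o json`.
check_psp_enabled() {
    printf '%s' "$1" | grep -Eq '"enablePodSecurityPolicy"[[:space:]]*:[[:space:]]*true'
}

# Classify one cluster document as PASS or FAIL for rule D9.AZU.AKS.03.
# A missing key is treated the same as false: the property must be present and true.
evaluate_rule() {
    if check_psp_enabled "$1"; then echo PASS; else echo FAIL; fi
}

# Constructed sample documents, trimmed to the relevant field.
SAMPLE_ENABLED='{"name": "aks-prod", "enablePodSecurityPolicy": true}'
SAMPLE_DISABLED='{"name": "aks-dev", "enablePodSecurityPolicy": false}'
SAMPLE_MISSING='{"name": "aks-legacy"}'

# Live check and remediation against a real cluster (placeholders for RG and name).
remediate_live() {
    rg="$1"; name="$2"
    json="$(az aks show --resource-group "$rg" --name "$name" -o json)"
    if check_psp_enabled "$json"; then
        echo "D9.AZU.AKS.03: PASS for $name"
    else
        echo "D9.AZU.AKS.03: FAIL for $name; enabling pod security policy"
        az aks update --resource-group "$rg" --name "$name" --enable-pod-security-policy
    fi
}

if [ -n "${RESOURCE_GROUP:-}" ] && [ -n "${CLUSTER_NAME:-}" ]; then
    remediate_live "$RESOURCE_GROUP" "$CLUSTER_NAME"
else
    # Offline mode: show how each sample document is classified.
    for doc in "$SAMPLE_ENABLED" "$SAMPLE_DISABLED" "$SAMPLE_MISSING"; do
        printf '%s -> %s\n' "$doc" "$(evaluate_rule "$doc")"
    done
fi
```

Run it with no variables set to see the three sample verdicts; set `RESOURCE_GROUP` and `CLUSTER_NAME` (with an authenticated Azure CLI session) to check and remediate a real cluster. Enabling the policy only makes the admission controller active; you still need to create PodSecurityPolicy resources and bind them with RBAC, as the referenced article describes, for the control to restrict anything.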

Azure AKS

AKS is an open-source, fully managed container orchestration service that became available on the Microsoft Azure public cloud in June 2018. It can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.

Compliance Frameworks

  • Azure CloudGuard Best Practices