Pod should not use the node network namespace

Controls whether the pod may use the node network namespace (spec.hostNetwork). A pod that does so shares the node's network stack rather than getting its own: it sees the node's interfaces and loopback device, can reach services that are bound only to localhost on the node and are therefore not exposed to the cluster network, and can capture traffic belonging to other pods scheduled on the same node.

Risk Level: Critical
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.AC.14
Covered by Spectral: No
Category: Compute

GSL LOGIC

KubernetesPod should not have spec.hostNetwork=true

REMEDIATION

Remove spec.hostNetwork from the pod specification, or set it to false (the field defaults to false when omitted). Because the field is immutable on a running pod, apply the change to the manifest or the owning controller's pod template and recreate the pod.

Pods

Pods are the smallest deployable units of computing that can be created and managed in Kubernetes. A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.
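The check the GSL logic expresses, and the remediation above, as an added example (this is not CloudGuard, Check Point or Kubernetes code). It audits pod objects in the JSON shape that `kubectl get pods -A -o json` returns; the pod list, namespace names and pod names below are constructed sample data, and the `exempt_namespaces` allow-list is an operational addition of this example, not part of the rule.

```python
"""Audit pod objects for spec.hostNetwork=true (the check behind D9.K8S.AC.14).

Added example, not CloudGuard/Check Point or Kubernetes code. It works on the
JSON shape produced by `kubectl get pods -A -o json`; the sample below is
constructed for the example.
"""
import copy
import json

# Constructed sample shaped like a PodList from `kubectl get pods -A -o json`.
SAMPLE_POD_LIST = json.loads("""
{
  "kind": "PodList",
  "items": [
    {"metadata": {"name": "sniffer", "namespace": "dev"},
     "spec": {"hostNetwork": true,
              "containers": [{"name": "app", "image": "busybox"}]}},
    {"metadata": {"name": "web", "namespace": "prod"},
     "spec": {"hostNetwork": false,
              "containers": [{"name": "app", "image": "nginx"}]}},
    {"metadata": {"name": "api", "namespace": "prod"},
     "spec": {"containers": [{"name": "app", "image": "nginx"}]}},
    {"metadata": {"name": "kube-proxy-x7k2p", "namespace": "kube-system"},
     "spec": {"hostNetwork": true,
              "containers": [{"name": "kube-proxy", "image": "kube-proxy"}]}}
  ]
}
""")


def uses_host_network(pod):
    """True only for an explicit spec.hostNetwork=true; the field defaults to false when omitted."""
    return pod.get("spec", {}).get("hostNetwork", False) is True


def find_violations(pod_list, exempt_namespaces=()):
    """Return 'namespace/name' for each pod that violates the rule.

    The rule itself has no exemptions; exempt_namespaces is an operational
    allow-list (an assumption of this example) for namespaces where
    hostNetwork is expected, such as node agents like kube-proxy in
    kube-system, so the report highlights the unexpected hits.
    """
    hits = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns = meta.get("namespace", "default")
        name = meta.get("name", "<unnamed>")
        if ns in exempt_namespaces or not uses_host_network(pod):
            continue
        hits.append(f"{ns}/{name}")
    return hits


def remediate(pod):
    """Return a copy of the pod with spec.hostNetwork removed (equivalent to false).

    hostNetwork cannot be changed on a running pod, so in practice this edit is
    made to the manifest or controller template and the pod is recreated.
    """
    fixed = copy.deepcopy(pod)
    fixed.setdefault("spec", {}).pop("hostNetwork", None)
    return fixed


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_POD_LIST):
        print("spec.hostNetwork=true:", hit)
    remediated = {"items": [remediate(p) for p in SAMPLE_POD_LIST["items"]]}
    print("violations after remediation:", find_violations(remediated))
```

To run it against a live cluster, replace `SAMPLE_POD_LIST` with `json.load(sys.stdin)` and pipe in the output of `kubectl get pods -A -o json`. Treat a non-empty report from `exempt_namespaces=("kube-system",)` as the actionable list: node agents that legitimately need the host network should be a short, known set, and anything else with hostNetwork=true is the finding this rule is about.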

Compliance Frameworks

  • Container Admission Control
  • Container Admission Control 1.0