Pod should not use the node network namespace
Controls whether the pod may use the node network namespace. Doing so gives the pod access to the loopback device, services listening on localhost and could be used to snoop on network activity of other pods on the same node.
Risk Level: Critical
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.AC.14
Covered by Spectral: No
Category: Compute
GSL LOGIC
KubernetesPod should not have spec.hostNetwork=true
REMEDIATION
Pods
Pods are the smallest deployable units of computing that can be created and managed in Kubernetes.A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.
Compliance Frameworks
- Container Admission Control
- Container Admission Control 1.0
Updated over 1 year ago