Risk Level: High
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.IAM.80
Covered by Spectral: Yes
KubernetesPod should not have spec.containers contain [ ports contain [ hostPort!=0 ] ] or spec.initContainers contain [ ports contain [ hostPort!=0 ] ]
Add policies to each namespace in the cluster which has user workloads to restrict the admission of containers which use hostPort sections.
Pods are the smallest deployable units of computing that can be created and managed in Kubernetes. A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.
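The rule logic above can be reproduced offline against exported Pod manifests. The following is an added example, not CloudGuard's own code: the function names and the sample data are constructed, and the input is assumed to be JSON shaped like the output of `kubectl get pods -A -o json`.

```python
import json

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
   "spec": {"containers": [
      {"name": "nginx", "ports": [{"containerPort": 80, "hostPort": 8080}]},
      {"name": "sidecar", "ports": [{"containerPort": 9090}]}]}},
  {"kind": "Pod", "metadata": {"namespace": "shop", "name": "job"},
   "spec": {"initContainers": [
      {"name": "init-db", "ports": [{"containerPort": 5432, "hostPort": 5432}]}],
    "containers": [{"name": "worker"}]}},
  {"kind": "Pod", "metadata": {"namespace": "shop", "name": "api"},
   "spec": {"containers": [
      {"name": "app", "ports": [{"containerPort": 8443, "hostPort": 0}]}]}}
]}
""")


def host_port_findings(pod):
    """Return one tuple per port with hostPort != 0 in containers or initContainers."""
    meta = pod.get("metadata") or {}
    spec = pod.get("spec") or {}
    findings = []
    for field in ("containers", "initContainers"):
        for container in spec.get(field) or []:
            # `ports` is optional; a missing or null hostPort counts as 0 (not set).
            for port in container.get("ports") or []:
                host_port = port.get("hostPort") or 0
                if host_port != 0:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), field,
                                     container.get("name"), host_port))
    return findings


def scan(doc):
    """Accept a single Pod object or a List of Pods and collect all findings."""
    pods = doc["items"] if "items" in doc else [doc]
    return [f for pod in pods for f in host_port_findings(pod)]


if __name__ == "__main__":
    for ns, pod, field, container, host_port in scan(SAMPLE):
        print(f"{ns}/{pod}: spec.{field}[{container}] uses hostPort {host_port}")
```
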
- CIS Kubernetes Benchmark v1.23