Minimize the admission of containers which use HostPorts

Risk Level: High
Cloud Entity: Pods
CloudGuard Rule ID: D9.K8S.IAM.80
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

KubernetesPod should not have spec.containers contain [ ports contain [ hostPort!=0 ] ] or spec.initContainers contain [ ports contain [ hostPort!=0 ] ]

REMEDIATION

Add policies to each namespace in the cluster that runs user workloads to restrict the admission of containers (including init containers) that set a hostPort in their ports sections.
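One way to apply that remediation with the built-in Pod Security Admission controller, as an added example rather than configuration from CloudGuard or this page (the namespace name and image tags are placeholders): the "baseline" Pod Security Standard rejects any container or initContainer whose ports[].hostPort is non-zero, which is exactly the condition the rule above flags.

```yaml
# Namespace-level Pod Security Admission labels (Kubernetes 1.25+).
# "baseline" rejects pods where any container or initContainer sets
# ports[].hostPort to a non-zero value. Namespace name is a placeholder.
apiVersion: v1
kind: Namespace
metadata:
  name: user-workloads
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    # warn/audit surface violations from existing workloads without blocking them
    pod-security.kubernetes.io/warn: baseline
    pod-security.kubernetes.io/audit: baseline
---
# Rejected at admission in the namespace above: the init container
# binds hostPort 8080. A hostPort of 0 (or none) would be permitted.
apiVersion: v1
kind: Pod
metadata:
  name: hostport-example
  namespace: user-workloads
spec:
  initContainers:
    - name: init
      image: busybox:1.36
      ports:
        - containerPort: 8080
          hostPort: 8080
  containers:
    - name: app
      image: nginx:1.25
      ports:
        - containerPort: 80   # containerPort only, no hostPort: allowed
```

Applying the second document returns a forbidden error that names the hostPort violation; on an existing namespace the same labels can be set with `kubectl label --overwrite ns user-workloads pod-security.kubernetes.io/enforce=baseline`.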

References

  1. https://kubernetes.io/docs/concepts/security/pod-security-standards/

Pods

Pods are the smallest deployable units of computing that can be created and managed in Kubernetes. A Pod is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.

Compliance Frameworks

  • CIS Kubernetes Benchmark v1.23