Risk Level: High
Cloud Entity: Network Policies
CloudGuard Rule ID: D9.K8S.NET.33
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

List<KubernetesNetworkPolicy> should have items length()>0

REMEDIATION

If the CNI plugin in use does not support network policies, consideration should be given to
making use of a different plugin, or finding an alternate mechanism for restricting traffic in
the Kubernetes cluster.

References

https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/

Network Policies

A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.

Compliance Frameworks

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.3.0
CIS Google Kubernetes Engine (GKE) Benchmark v1.2.0
CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0
CIS Kubernetes Benchmark v1.23
CIS Kubernetes Benchmark v1.24
CIS Kubernetes Benchmark v1.5.1
CIS Kubernetes Benchmark v1.6.1
CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.1.0
CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.3.0
CIS OpenShift Container Platform v4 Benchmark v1.1.0
CIS OpenShift Container Platform v4 Benchmark v1.4.0
OpenShift Container Platform v3