CIS Kubernetes Benchmarks V1.23 1.23

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Minimize the admission of containers wishing to share the host IPC namespace

Minimize the admission of containers wishing to share the host network namespace

Minimize the admission of containers wishing to share the host process ID namespace

Minimize the admission of containers with added capabilities

Minimize the admission of containers with allowPrivilegeEscalation

Minimize the admission of containers with capabilities assigned

Minimize the admission of containers with capabilities assigned

Minimize the admission of containers with the NET_RAW capability

Minimize the admission of HostPath volumes

Minimize the admission of privileged containers

Minimize the admission of root containers

Minimize wildcard use in Roles and ClusterRoles

Prefer using secrets as files over secrets as environment variables (Manual)

The default namespace should not be used

Verify that the --read-only-port argument is set to 0

Verify that the RotateKubeletServerCertificate argument is set to true