Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Google > Gke >

Enforce Pod Security Policy

HIGH
Source
Trivy
ID
AVD-GCP-0047
terraform

Pod security policy enforcement not defined.

By default, Pods in Kubernetes can operate with capabilities beyond what they require. You should constrain the Pod’s capabilities to only those required for that workload.

Kubernetes offers controls for restricting your Pods to execute with only explicitly granted capabilities.

Pod Security Policy allows you to set smart defaults for your Pods, and enforce controls you want to enable across your fleet.

The policies you define should be specific to the needs of your application

Impact

Pods could be operating with more permissions than required to be effective

Follow the appropriate remediation steps below to resolve the issue.

Use security policies for pods to restrict permissions to those needed to be effective

1
2
3
4
5

 resource "google_container_cluster" "good_example" {
 	pod_security_policy_config {
         enabled = "true"
 	}
 }
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use