Google > Kubernetes >

Default Service Account

HIGH

Source

CloudSploit

default-service-account

management console

Default Service Account

Ensures all Kubernetes cluster nodes are not using the default service account.

Kubernetes cluster nodes should use customized service accounts that have minimal privileges to run. This reduces the attack surface in the case of a malicious attack on the cluster.

Recommended Actions

Ensure that no Kubernetes cluster nodes are using the default service account

Links

https://cloud.google.com/container-optimized-os/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.