Kubernetes
Kubernetes Diagnosis Items
Category | Resource | Option | Item | Description | Risk Level | ISO27001 | CSAP | ISMS-P | Stability Assessment |
---|---|---|---|---|---|---|---|---|---|
Apps | Daemon Set, Deployment | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Daemon Set, Deployment | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Daemon Set, Deployment | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Daemon Set, Deployment | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Daemon Set, Deployment | Pod Security Context, Containers > Container Security Context | Access Control | Access Control Not Configured | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Apps | Daemon Set, Deployment | Pod Security Context, Pod Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Apps | Daemon Set, Deployment | Pod Security Context, Pod Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Apps | Daemon Set, Deployment | Containers > Container Security Context, Containers > Container Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Apps | Daemon Set, Deployment | Containers > Container Security Context, Containers > Container Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Apps | Daemon Set, Deployment | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Apps | Daemon Set, Deployment | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Apps | Daemon Set, Deployment | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Apps | Daemon Set, Deployment | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Apps | Stateful Set | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Stateful Set | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Stateful Set | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Stateful Set | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Apps | Stateful Set | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Apps | Stateful Set | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Apps | Stateful Set | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Apps | Stateful Set | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Autoscaling | Horizontal Pod Autoscaler | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Batch | Cron Job, Job | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Core | Config Map, Persistent Volume Claim, Secret, Service | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Core | Pod | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Core | Pod | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Core | Pod | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Core | Pod | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
Core | Pod | Pod Security Context, Containers > Container Security Context | Access Control | Access Control Not Configured | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Core | Pod | Pod Security Context, Pod Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Core | Pod | Pod Security Context, Pod Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Core | Pod | Containers > Container Security Context, Containers > Container Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Core | Pod | Containers > Container Security Context, Containers > Container Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Core | Pod | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Core | Pod | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Core | Pod | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Core | Pod | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Core | Service Account | Automount Service Account Token | Access Control | Token automatic mount setting | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Core | Service Account | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Helm | Chart | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Networking | Ingress, Network Policy | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Rbac | Cluster Role | Rule > Rule Type, Rule > Api Groups | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Cluster Role | Rule > Rule Type, Rule > Resources | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Cluster Role | Rule > Rule Type, Rule > Verbs | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Cluster Role Binding | Subject, Subject > Kind | Access Control | Assign roles to the default service account | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Role | Rule > Api Groups | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Role | Rule > Resources | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Role | Rule > Verbs | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Rbac | Role Binding | Subject, Subject > Kind | Access Control | Assign roles to the default service account | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
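The Core > Pod rows above list what the scanner flags but not how a manifest is evaluated. The following is an added example, not the scanner's own code or part of the original page: `check_pod` applies those items to a Pod manifest already parsed into a dict (field names follow the Kubernetes Pod spec), reporting findings with the table's descriptions and risk levels. The function name and both sample manifests are assumptions constructed for this example.

```python
# Added example: evaluate a Pod manifest (YAML parsed into a dict) against the
# Core > Pod diagnosis items. Not the scanner's own code; samples are constructed.

def check_pod(manifest):
    """Return (description, risk level) pairs for each failed item, in table wording."""
    findings = []
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    if manifest.get("metadata", {}).get("namespace", "default") == "default":
        findings.append(("Use of default namespace", "MEDIUM"))
    for c in spec.get("containers", []):
        for probe, desc in (("livenessProbe", "Liveness"), ("readinessProbe", "Readiness")):
            if probe not in c:
                findings.append((f"{desc} Probe Not Configured", "MEDIUM"))
        for field, desc in (("limits", "Limits"), ("requests", "Requests")):
            if not c.get("resources", {}).get(field):
                findings.append((f"Resource {desc} Not Configured", "HIGH"))
        c_sc = c.get("securityContext", {})
        if not pod_sc and not c_sc:
            findings.append(("Access Control Not Configured", "HIGH"))
        # Container-level securityContext overrides the pod-level one. uid 0, or no uid
        # without a runAsNonRoot guarantee, means the process can start as root.
        uid = c_sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = c_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and non_root is not True):
            findings.append(("Use of root user", "HIGH"))
        # Secrets injected through env/envFrom are visible to child processes and dumps.
        if any("secretKeyRef" in e.get("valueFrom", {}) for e in c.get("env", [])) or \
                any("secretRef" in src for src in c.get("envFrom", [])):
            findings.append(("Use of Secret environment variables", "CRITICAL"))
        image = c.get("image", "")
        if "@sha256:" not in image and ":" not in image.rsplit("/", 1)[-1]:
            findings.append(("Digest and tag not set", "HIGH"))
    return findings

# Constructed sample: no namespace, no probes/resources/securityContext, secret in env, untagged image.
BAD_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
           "spec": {"containers": [{"name": "web", "image": "nginx", "env": [
               {"name": "DB_PASS", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pass"}}}]}]}}

# Constructed sample that passes every item above: secret is mounted as a file, not an env var.
GOOD_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web", "namespace": "shop"},
            "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
                     "containers": [{"name": "web", "image": "nginx:1.25",
                                     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                                     "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
                                     "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                                                   "limits": {"cpu": "500m", "memory": "256Mi"}},
                                     "env": [{"name": "DB_PASS_FILE", "value": "/secrets/db/pass"}]}]}}

if __name__ == "__main__":
    for desc, risk in check_pod(BAD_POD):
        print(f"{risk:8} {desc}")
```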