Kubernetes



Kubernetes Diagnosis Items

| Category | Resource | Option | Item | Description | Risk Level | ISO27001 | CSAP | ISMS-P | Stability Assessment |
|---|---|---|---|---|---|---|---|---|---|
| Apps | Daemon Set, Deployment | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Daemon Set, Deployment | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Daemon Set, Deployment | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Daemon Set, Deployment | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Daemon Set, Deployment | Pod Security Context, Containers > Container Security Context | Access Control | Access Control Not Configured | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
| Apps | Daemon Set, Deployment | Pod Security Context, Pod Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Apps | Daemon Set, Deployment | Pod Security Context, Pod Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Apps | Daemon Set, Deployment | Containers > Container Security Context, Containers > Container Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Apps | Daemon Set, Deployment | Containers > Container Security Context, Containers > Container Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Apps | Daemon Set, Deployment | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Apps | Daemon Set, Deployment | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Apps | Daemon Set, Deployment | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Apps | Daemon Set, Deployment | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Apps | Stateful Set | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Stateful Set | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Stateful Set | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Stateful Set | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Apps | Stateful Set | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Apps | Stateful Set | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Apps | Stateful Set | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Apps | Stateful Set | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Autoscaling | Horizontal Pod Autoscaler | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Batch | Cron Job, Job | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Core | Config Map, Persistent Volume Claim, Secret, Service | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Core | Pod | Containers > Probe | Logging Monitoring | Liveness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Core | Pod | Containers > Probe | Logging Monitoring | Readiness Probe Not Configured | MEDIUM | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Core | Pod | Containers > Resources > Limits | Logging Monitoring | Resource Limits Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Core | Pod | Containers > Resources > Requests | Logging Monitoring | Resource Requests Not Configured | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.2 Service Availability |
| Core | Pod | Pod Security Context, Containers > Container Security Context | Access Control | Access Control Not Configured | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
| Core | Pod | Pod Security Context, Pod Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Core | Pod | Pod Security Context, Pod Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Core | Pod | Containers > Container Security Context, Containers > Container Security Context > Run As User | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Core | Pod | Containers > Container Security Context, Containers > Container Security Context > Run As Non Root | Access Control | Use of root user | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Core | Pod | Containers > Env > Value From Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Core | Pod | Containers > Env From > Type | Data Protection | Use of Secret environment variables | CRITICAL | 8.1 Operational planning and control | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
| Core | Pod | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Core | Pod | Containers > Image | Data Protection | Digest and tag not set | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Core | Service Account | Automount Service Account Token | Access Control | Token automatic mount setting | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
| Core | Service Account | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Helm | Chart | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Networking | Ingress, Network Policy | Namespace | Data Protection | Use of default namespace | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
| Rbac | Cluster Role | Rule > Rule Type, Rule > Api Groups | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Cluster Role | Rule > Rule Type, Rule > Resources | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Cluster Role | Rule > Rule Type, Rule > Verbs | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Cluster Role | Rule > Rule Type, Rule > Verbs | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Cluster Role Binding | Subject, Subject > Kind | Access Control | Assign roles to the default service account | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Role | Rule > Api Groups | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Role | Rule > Resources | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Role | Rule > Verbs | Access Control | Wide range of permissions settings | CRITICAL | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
| Rbac | Role Binding | Subject, Subject > Kind | Access Control | Assign roles to the default service account | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |