Kubernetes (K8S) Misconfiguration

| Name | Description |
|------|-------------|
| k8s-dashboard-present | Ensure the Kubernetes dashboard is not deployed |
| k8s-docker-daemon | Do not expose the Docker daemon socket to containers |
| k8s-host-namespace | Containers should not share the host namespaces |
| k8s-immutable-image | Image tag should be fixed, not latest or blank |
| k8s-podsecuritypolicy-defined | Ensure that if a Pod Security Policy exists, it enforces best practices |
| k8s-rbac-wildcards | Minimize wildcard use in Roles and ClusterRoles |
| k8s-resources-defined | CPU and memory requests and limits should be set |
| k8s-securitycontext-capabilities | Minimize the admission of containers with added capabilities |
| k8s-securitycontext-defined | Apply security context to your pods and containers |
| k8s-securitycontext-privileged | Containers should not be privileged |
| k8s-serviceaccount-default | Ensure that default service accounts are not actively used |
| k8s-tiller-present | Ensure that Tiller (Helm v2) is not deployed |