Set default values to a secure value - Azure Kubernetes Services

All default values should comply with a security baseline, e.g. [NIST 800](https://docs.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r5)

The [build-in policies of Azure](https://github.com/Azure/azure-policy) can be used as a reference.

The task would be to scan over each of the following policies and make sure, that the module is per default complying to them.

The following policies are the NIST 800 ones:

- [x] \built-in-policies\policyDefinitions\Kubernetes\AKS_AzurePolicyAddOn_Audit.json
- [x] \built-in-policies\policyDefinitions\Kubernetes\AKS_CMK_Deny.json
- [x] \built-in-policies\policyDefinitions\Kubernetes\AKS_EncryptionAtHost_Deny.json
- [ ] \built-in-policies\policyDefinitions\Kubernetes\\[AllowedHostPaths.json](https://github1s.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json) 
    -  Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\\[AllowedUsersGroups.json](https://github1s.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json)
    -  Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ASC_Azure_Defender_Kubernetes_Arc_Extension_Audit.json
    -  On-Premise?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\\[BlockHostNamespace.json](https://github1s.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json)
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\\[ContainerAllowedCapabilities.json](https://github1s.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json)
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ContainerAllowedImages.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ContainerAllowedPorts.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ContainerNoPrivilege.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ContainerNoPrivilegeEscalation.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ContainerResourceLimits.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\EnforceAppArmorProfile.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\HostNetworkPorts.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\IngressHttpsOnly.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ReadOnlyRootFileSystem.json
    - Cluster internal?
- [ ] \built-in-policies\policyDefinitions\Kubernetes\ServiceAllowedPorts.json
    - Cluster internal?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set default values to a secure value - Azure Kubernetes Services #785

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Set default values to a secure value - Azure Kubernetes Services #785

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions