Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CIS Kubernetes Benchmark 1.5.1 # 5.1 #8

Open
5 of 6 tasks
saurabhpandit opened this issue Jun 10, 2020 · 2 comments · Fixed by xunholy/k8s-gitops#32 or xunholy/k8s-gitops#39
Open
5 of 6 tasks

CIS Kubernetes Benchmark 1.5.1 # 5.1 #8

saurabhpandit opened this issue Jun 10, 2020 · 2 comments · Fixed by xunholy/k8s-gitops#32 or xunholy/k8s-gitops#39
Assignees
@saurabhpandit
Labels
feature_request

Comments

@saurabhpandit
Copy link
Member

saurabhpandit commented Jun 10, 2020
edited
Loading

5.1 RBAC and Service Accounts

  • 5.1.1 Ensure that the cluster-admin role is only used where required
  • 5.1.2 Minimize access to secrets
  • 5.1.3 Minimize wildcard use in Roles and ClusterRoles
  • 5.1.4 Minimize access to create pods
  • 5.1.5 Ensure that default service accounts are not actively used
  • 5.1.6 Ensure that Service Account Tokens are only mounted where necessary
@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.56. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

saurabhpandit referenced this issue in xunholy/k8s-gitops Jun 12, 2020
@saurabhpandit
Merge pull request #32 from raspbernetes/feature/#26-cis-benchmark-5-1
b3219e1 
CIS Policy 5.1.1 -  disallow clusterrole binding to cluster-admin
@xunholy xunholy reopened this Jun 15, 2020
@xunholy xunholy transferred this issue from xunholy/k8s-gitops Jun 22, 2020
@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.56. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@saurabhpandit saurabhpandit

Labels
feature_request
Projects
None yet
Milestone
No milestone
2 participants
@saurabhpandit @xunholy