Related information
- 3.1.1 - Ensure that the kubeconfig file permissions are set to 644 or more restrictive (Automated)
- 3.1.2 - Ensure that the kubelet kubeconfig file ownership is set to root:root (Automated)
- 3.1.3 - Ensure that the azure.json file has permissions set to 644 or more restrictive (Automated)
- 3.1.4 - Ensure that the azure.json file ownership is set to root:root (Automated)
- 3.2.1 - Ensure that the --anonymous-auth argument is set to false (Automated)
- 3.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
- 3.2.3 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
- 3.2.4 - Ensure that the --read-only-port is secured (Automated)
- 3.2.5 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Automated)
- 3.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (Automated)
- 3.2.7 - Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture (Automated)
- 3.2.8 - Ensure that the --rotate-certificates argument is not set to false (Automated)
- 3.2.9 - Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)
- 4.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
- 4.1.2 - Minimize access to secrets (Automated)
- 4.1.3 - Minimize wildcard use in Roles and ClusterRoles (Automated)
- 4.1.4 - Minimize access to create pods (Automated)
- 4.1.5 - Ensure that default service accounts are not actively used (Automated)
- 4.1.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
- 4.2.1 - Minimize the admission of privileged containers (Automated)
- 4.2.2 - Minimize the admission of containers wishing to share the host process ID namespace (Automated)
- 4.2.3 - Minimize the admission of containers wishing to share the host IPC namespace (Automated)
- 4.2.4 - Minimize the admission of containers wishing to share the host network namespace (Automated)
- 4.2.5 - Minimize the admission of containers with allowPrivilegeEscalation (Automated)
- 4.4.2 - Ensure that all Namespaces have Network Policies defined (Automated)
- 4.5.1 - Prefer using secrets as files over secrets as environment variables (Automated)
- 4.6.3 - The default namespace should not be used (Automated)
- 5.4.1 - Restrict Access to the Control Plane Endpoint (Automated)
- 5.4.2 - Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated)
- 5.4.3 - Ensure clusters are created with Private Nodes (Automated)
- 5.4.4 - Ensure Network Policy is Enabled and set as appropriate (Automated)