Profile applicability: Level 2
Kubernetes provides a default namespace, where objects are placed if no namespace
is specified for them. Placing objects in this namespace makes application of RBAC
and other controls more difficult.
Resources in a Kubernetes cluster should be segregated by namespace, to allow for
security controls to be applied at that level and to make it easier to manage resources.
Note: Unless a namespace is specified on object creation, the default namespace will be used.
Audit
To list all Kubernetes objects in the default namespace of your GKE cluster, use:
kubectl get all -n default
or
kubectl get all -n default -o wide
If you want a complete inventory of all resource types in the default namespace:
kubectl get all,configmaps,secrets,pvc,ingress,serviceaccounts,networkpolicies -n default
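The commands above list everything in the default namespace, but a fresh cluster always contains a few built-in objects there (the kubernetes Service, the default ServiceAccount, the kube-root-ca.crt ConfigMap), so the audit question is really "is there anything else?". The following script is an added example, not part of the CIS benchmark text: it reads the `-o name` form of the inventory command on stdin, drops the built-ins, and fails if any other object remains. The allow-list of built-ins is an assumption about a standard GKE cluster; extend it if your cluster legitimately keeps more there. The sample lines at the end are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark): fail the audit if the default
# namespace holds anything beyond the objects every cluster has there.
#
# In a live cluster, feed the function with:
#   kubectl get all,configmaps,secrets,pvc,ingress,serviceaccounts,networkpolicies \
#       -n default -o name | audit_default_ns
#
# Assumption: a fresh GKE cluster's default namespace contains only these three
# built-in objects. Add others only if you have verified they are cluster-managed.
audit_default_ns() {
    # Drop blank lines, then drop exact matches of the built-in allow-list.
    offenders=$(grep -v '^[[:space:]]*$' \
        | grep -Fxv -e 'service/kubernetes' \
                    -e 'serviceaccount/default' \
                    -e 'configmap/kube-root-ca.crt')
    if [ -n "$offenders" ]; then
        # One FAIL line per offending object, so the output is easy to diff or alert on.
        printf '%s\n' "$offenders" | sed 's/^/FAIL: object in default namespace: /'
        return 1
    fi
    echo "PASS: only built-in objects in the default namespace"
    return 0
}

# Stand-alone demonstration on constructed lines (not real cluster output):
# two built-ins plus a Deployment and its Pod that should live elsewhere.
printf '%s\n' 'service/kubernetes' 'serviceaccount/default' \
              'deployment.apps/web' 'pod/web-5d9c4f-7xk2q' \
    | audit_default_ns || echo "audit exit status: $?"
```

Run it against the live inventory command in a CI job or a scheduled check; a non-zero exit is the signal that someone has created workloads without choosing a namespace, which is exactly the condition this recommendation is meant to catch.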
Remediation
Ensure that namespaces are created to allow for appropriate segregation of Kubernetes
resources and that all new resources are created in a specific namespace.
