1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-28 01:18:22 +00:00
kube-bench/cfg/aks-1.0/controlplane.yaml

32 lines
1.3 KiB
YAML
Raw Normal View History

---
controls:
version: "aks-1.0"
id: 2
text: "Control Plane Configuration"
type: "controlplane"
groups:
- id: 2.1
text: "Authentication and Authorization"
checks:
- id: 2.1.1
text: "Enable Azure Active Directory Integration"
type: "manual"
remediation: |
Use of OIDC should be implemented in place of client certificates. Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. See https://docs.microsoft.com/en-us/azure/aks/managed-aad.
scored: false
- id: 2.1.2
text: "Limit access to cluster configuration file"
type: "manual"
remediation: |
Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS). See https://docs.microsoft.com/en-us/azure/aks/control-kubeconfig-access
scored: false
- id: 2.2
text: "Logging"
checks:
- id: 2.2.1
text: "Enable logging for the Kubernetes master components"
type: "manual"
remediation: "Enable log collection for the Kubernetes master components in the AKS cluster using Diagnostic settings."
scored: false