---
controls:
version: "aks-1.0"
id: 2
text: "Control Plane Configuration"
type: "controlplane"
groups:
  - id: 2.1
    text: "Authentication and Authorization"
    checks:
      - id: 2.1.1
        text: "Enable Azure Active Directory Integration"
        type: "manual"
        remediation: |
          Use of OIDC should be implemented in place of client certificates. Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. See https://docs.microsoft.com/en-us/azure/aks/managed-aad.
        scored: false

      - id: 2.1.2
        text: "Limit access to cluster configuration file"
        type: "manual"
        remediation: |
          Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS). See https://docs.microsoft.com/en-us/azure/aks/control-kubeconfig-access
        scored: false

  - id: 2.2
    text: "Logging"
    checks:
      - id: 2.2.1
        text: "Enable logging for the Kubernetes master components"
        type: "manual"
        remediation: "Enable log collection for the Kubernetes master components in the AKS cluster using Diagnostic settings."
        scored: false