1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 14:18:06 +00:00
kube-bench/cfg/aks-1.0/controlplane.yaml
Borko ab3881420c
Created config and test files for Azure Kubernetes Service (AKS). (#733)
* First draft of AKS configuration checks.

* Updated Azure Configurations. Added more policy checks.

* Finalized cfg components for AKS.

* Fixed targets for aks-1.0 in common_test.go

* Fixed yaml linting issues.

* Fixed white space yaml linkting issues in policies.yaml

* Fixed white space yaml linting issues in policies.yaml
2020-11-16 14:35:57 +02:00

32 lines
1.3 KiB
YAML

---
controls:
version: "aks-1.0"
id: 2
text: "Control Plane Configuration"
type: "controlplane"
groups:
- id: 2.1
text: "Authentication and Authorization"
checks:
- id: 2.1.1
text: "Enable Azure Active Directory Integration"
type: "manual"
remediation: |
Use of OIDC should be implemented in place of client certificates. Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. See https://docs.microsoft.com/en-us/azure/aks/managed-aad.
scored: false
- id: 2.1.2
text: "Limit access to cluster configuration file"
type: "manual"
remediation: |
Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS). See https://docs.microsoft.com/en-us/azure/aks/control-kubeconfig-access
scored: false
- id: 2.2
text: "Logging"
checks:
- id: 2.2.1
text: "Enable logging for the Kubernetes master components"
type: "manual"
remediation: "Enable log collection for the Kubernetes master components in the AKS cluster using Diagnostic settings."
scored: false