ACK cluster without network policy enabled

Network misconfigurations

ACK cluster without network policy enabled

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AliCloud CIS
CCPA
cis_8
CPRA
ISO 27701
ISO/IEC 27001
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-190
NIST 800-53
PDPA

Description

Alibaba Cloud Container Service for Kubernetes (ACK) is a managed service compatible with Kubernetes to help users manage their containerized applications. It was detected that the Kubernetes cluster {AliCloudAckCluster} doesn't have network policy enabled. Pods in a Kubernetes cluster can communicate with one another by default which poses risks in production environments. A network policy allows you to control how pod groups can communicate with one another and with other network endpoints. Note, Kubernetes network policies are supported only by the Terway network plugin.

Recommended Mitigation

It is recommended to enable network policy and create clusters with Terway network plugin. Network policy is supported only by the Terway network plugin.

ACK cluster without network policy enabled

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS