Network misconfigurations

ACK cluster without network policy enabled

Description

Alibaba Cloud Container Service for Kubernetes (ACK) is a managed, Kubernetes-compatible service that helps users manage their containerized applications. It was detected that the Kubernetes cluster {AliCloudAckCluster} doesn't have network policy enabled. By default, pods in a Kubernetes cluster can communicate with one another, which poses risks in production environments. A network policy allows you to control how groups of pods can communicate with one another and with other network endpoints. Note that Kubernetes network policies are supported only by the Terway network plugin.
Recommended Mitigation

It is recommended to create clusters with the Terway network plugin and enable network policy, because network policy is supported only by the Terway network plugin.