K8S API server configuration without NodeRestriction admissions control plugin

Best practices

K8S API server configuration without NodeRestriction admissions control plugin

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCPA
CPRA
ISO/IEC 27001
K8s CIS
K8s OWASP Top 10
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

It was found that the API server configuration admission control plugins parameter does not include 'NodeRestriction'. An admission controller is a code which being executed after the request authentication and authorization in order to validate it or change it. This admission controller limits the node and pos objects a kubelet can modify.

Recommended Mitigation

It is recommended to include the NodeRestriction plugin in the '--enable-admission-plugins' parameter.

K8S API server configuration without NodeRestriction admissions control plugin

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS