Workload misconfigurations

Kubernetes node’s kubelet make-iptables-util-chains is set to false

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • AKS CIS
  • CCPA
  • CPRA
  • EKS CIS
  • GKE CIS
  • iso_27001_2022
  • iso_27002_2022
  • K8s CIS
  • K8s OWASP Top 10
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. Kubelets can automatically manage the required changes to iptables based on the networking options you choose for the pods. It is recommended to let kubelets manage the changes to iptables, which keeps the iptables configuration in sync with the pod networking configuration. Manually configuring iptables while the pod network configuration changes dynamically might hamper communication between pods/containers and with the outside world. Orca has detected that the MakeIPTablesUtilChains flag is set to false on {K8sNode.Vm}.
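
One way to confirm the finding on a node, as an added example that is not Orca's detection logic: the function below resolves the value the kubelet would actually use, given its command line and config file. It relies on the kubelet's `--make-iptables-util-chains` flag overriding the `makeIPTablesUtilChains` config key and on both defaulting to true; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the effective makeIPTablesUtilChains setting.
# usage: effective_iptables_chains "<kubelet command line>" <config file>
# Prints true, false, or unknown (value is not a recognised boolean).
effective_iptables_chains() (
    set -f                      # no glob expansion while splitting arguments
    value=
    # 1. A command-line flag overrides the config file; the last one wins.
    for arg in $1; do
        case $arg in
            --make-iptables-util-chains=*) value=${arg#*=} ;;
            --make-iptables-util-chains)   value=true ;;   # bare bool flag
        esac
    done
    # 2. Otherwise read the config file key (YAML or multi-line JSON).
    if [ -z "$value" ] && [ -r "$2" ]; then
        value=$(sed -n 's/^[[:space:]]*"\{0,1\}makeIPTablesUtilChains"\{0,1\}[[:space:]]*:[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$2" | tail -n 1)
    fi
    # 3. Unset everywhere means the kubelet default, which is true.
    case ${value:-true} in
        0|f|F|false|FALSE|False) echo false ;;
        1|t|T|true|TRUE|True)    echo true ;;
        *)                       echo unknown ;;
    esac
)

# Constructed sample input: a config file carrying the flagged setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
makeIPTablesUtilChains: false
EOF
echo "config only:   $(effective_iptables_chains "kubelet --config=$sample" "$sample")"
echo "flag override: $(effective_iptables_chains "kubelet --config=$sample --make-iptables-util-chains=true" "$sample")"
rm -f "$sample"
```

On a live node, pass the running kubelet's command line (for example from `ps -o args= -C kubelet`) and the file named by its `--config` argument; a result of `false` matches this finding.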