4.6.3 Apply Security Context to Pods and Containers

Information

Apply Security Context to Pods and Containers

A security context defines the operating system security settings (uid, gid, Linux capabilities, SELinux role, etc.) applied to a container. When designing containers and pods, make sure that a security context is configured for pods, containers, and volumes. A security context is a property defined in the deployment YAML; it controls the security parameters assigned to the pod, container, or volume. There are two levels of security context: the pod-level security context, which sets defaults for every container in the pod and governs volume ownership, and the container-level security context, which applies to a single container and overrides the pod-level settings where both are specified.
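As an added illustration (not part of the benchmark text), the following Pod manifest shows both levels described above; the pod name, image, and volume name are assumed:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hardened-demo          # assumed name
spec:
  # Pod-level security context: defaults for every container in the Pod,
  # plus ownership applied to mounted volumes.
  securityContext:
    runAsNonRoot: true          # refuse to start a container that would run as uid 0
    runAsUser: 10001            # uid assigned to container processes
    runAsGroup: 10001           # primary gid
    fsGroup: 10001              # supplemental gid applied to volume files (e.g. emptyDir)
    seccompProfile:
      type: RuntimeDefault      # container runtime's default syscall filter
  containers:
    - name: app
      image: registry.example.com/app:1.0.0   # assumed image
      # Container-level security context: applies only to this container and
      # overrides pod-level settings where both are present.
      securityContext:
        allowPrivilegeEscalation: false       # no setuid / file-capability escalation
        privileged: false
        readOnlyRootFilesystem: true          # writes allowed only on mounted volumes
        capabilities:
          drop: ["ALL"]                       # start with no Linux capabilities
      volumeMounts:
        - name: scratch
          mountPath: /tmp
  volumes:
    - name: scratch
      emptyDir: {}
```

With `readOnlyRootFilesystem: true`, every path the process writes to (here `/tmp`) must be backed by a mounted volume, otherwise the pod will fail at runtime, which is the kind of issue the Impact section below refers to.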

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow the Kubernetes documentation and apply security contexts to your pods. For a suggested list of security contexts, you may refer to the CIS Google Container-Optimized OS Benchmark.

Impact:

If you incorrectly apply security contexts, there may be issues running the pods.

See Also

https://workbench.cisecurity.org/benchmarks/19166

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: GCP

Control ID: 21de26c84e90f4f970da081d932bbb2541c77b8d18241f258c4c6c29b6f56af4