Commit e4a5cc8

Merge pull request #187835 from memildin/patch-13
Updated "configuration required" table
2 parents e4d2b8b + bfe2bb6 commit e4a5cc8

1 file changed

+8
-9
lines changed

articles/defender-for-cloud/kubernetes-workload-protections.md

Lines changed: 8 additions & 9 deletions
@@ -77,23 +77,22 @@ To configure the recommendations, install the **Azure Policy add-on for Kuberne
7777
7878
| Recommendation name | Security control | Configuration required |
7979
|-----------------------------------------------------------------------------|------------------------------------------|------------------------|
80+
| Container CPU and memory limits should be enforced | Protect applications against DDoS attack | **Yes** |
81+
| Container images should be deployed only from trusted registries | Remediate vulnerabilities | **Yes** |
8082
| Containers should listen on allowed ports only | Restrict unauthorized network access | **Yes** |
83+
| Least privileged Linux capabilities should be enforced for containers | Manage access and permissions | **Yes** |
84+
| Overriding or disabling of containers AppArmor profile should be restricted | Remediate security configurations | **Yes** |
8185
| Services should listen on allowed ports only | Restrict unauthorized network access | **Yes** |
8286
| Usage of host networking and ports should be restricted | Restrict unauthorized network access | **Yes** |
83-
| Overriding or disabling of containers AppArmor profile should be restricted | Remediate security configurations | **Yes** |
84-
| Container images should be deployed only from trusted registries | Remediate vulnerabilities | **Yes** |
85-
| Least privileged Linux capabilities should be enforced for containers | Manage access and permissions | **Yes** |
8687
| Usage of pod HostPath volume mounts should be restricted to a known list | Manage access and permissions | **Yes** |
87-
| Privileged containers should be avoided | Manage access and permissions | No |
8888
| Container with privilege escalation should be avoided | Manage access and permissions | No |
89-
| Kubernetes clusters should disable automounting API credentials | Manage access and permissions | No |
90-
| Immutable (read-only) root filesystem should be enforced for containers | Manage access and permissions | No |
91-
| Container with privilege escalation should be avoided | Manage access and permissions | No |
92-
| Running containers as root user should be avoided | Manage access and permissions | No |
9389
| Containers sharing sensitive host namespaces should be avoided | Manage access and permissions | No |
94-
| Container CPU and memory limits should be enforced | Protect applications against DDoS attack | No |
90+
| Immutable (read-only) root filesystem should be enforced for containers | Manage access and permissions | No |
9591
| Kubernetes clusters should be accessible only over HTTPS | Encrypt data in transit | No |
92+
| Kubernetes clusters should disable automounting API credentials | Manage access and permissions | No |
9693
| Kubernetes clusters should not use the default namespace | Implement security best practices | No |
94+
| Privileged containers should be avoided | Manage access and permissions | No |
95+
| Running containers as root user should be avoided | Manage access and permissions | No |
9796
||||
9897

9998
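Review bot: Moving "Container CPU and memory limits should be enforced" from "No" to "**Yes**" in the Configuration required column is a content change, not just the alphabetical reorder the rest of the hunk performs, and neither the commit message ("Updated 'configuration required' table") nor the sentence above the table explains what the reader now has to configure for that recommendation; add a short note or mention it in the commit message so the bolded Yes is actionable. Dropping the duplicate "Container with privilege escalation should be avoided" row (old line 91) is correct and accounts for the 8/9 addition/deletion split. The trailing empty row "||||" on context line 96 is still in the table and renders as a blank row; it should be removed as well.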

0 commit comments