Kubescape C-0046: Deny resources with insecure capabilities

Why this policy is required:

Giving insecure and unnecessary capabilities for a container can increase the impact of a container compromise.

Severity Level: High

Configuration Parameters:

insecureCapabilities

Resources this policy could be applied to:

CronJob
DaemonSet
Deployment
Job
Pod
ReplicaSet
StatefulSet

What does this policy do:

This Policy compares all the capabilities in every container against a configurable blacklist of insecureCapabilities. If there is a match, the resource is denied from being deployed in the cluster.

Implementing this policy in the Cluster:

Refer here for using the policy in the cluster

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kubescape-c-0046-deny-resources-with-insecure-capabilities.md

kubescape-c-0046-deny-resources-with-insecure-capabilities.md

Kubescape C-0046: Deny resources with insecure capabilities

Why this policy is required:

Severity Level: High

Configuration Parameters:

Resources this policy could be applied to:

What does this policy do:

Implementing this policy in the Cluster:

Files

kubescape-c-0046-deny-resources-with-insecure-capabilities.md

Latest commit

History

kubescape-c-0046-deny-resources-with-insecure-capabilities.md

File metadata and controls

Kubescape C-0046: Deny resources with insecure capabilities

Why this policy is required:

Severity Level: High

Configuration Parameters:

Resources this policy could be applied to:

What does this policy do:

Implementing this policy in the Cluster: