Add rego rule to check for windows securityContext compliance #317

Open
@alegrey91

In order to support Windows systems, we should also add rego rules to check for securityContext parameters for this OS.
Reading from the official documentation, we should implement a control for each of the following listed fields: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#windowssecuritycontextoptions-v1-core
So the new checks to be added are the following:

  • gmsaCredentialSpec
  • gmsaCredentialSpecName
  • hostProcess
  • runAsUserName

The equivalent rules should be named like so:

  • set-gmsacredentialspec-value
  • set-gmsacredentialspecname-value
  • set-hostprocess-true (checking also if WindowsHostProcessContainers feature flag is enabled in api-server)
  • runAsUserName
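
Added example, not code from this project or from the issue author: a Rego policy that reports which of the four listed fields end up set for each container and applies the two hostProcess constraints stated in the linked API reference. It assumes the input is a Pod manifest; the package name and the `findings`, `violations`, `effective` and `host_process` names are hypothetical and do not follow the project's rule format.

```rego
package example.windows_securitycontext # hypothetical package name

import rego.v1

# The four WindowsSecurityContextOptions fields listed in the issue.
fields := ["gmsaCredentialSpec", "gmsaCredentialSpecName", "hostProcess", "runAsUserName"]

# Assumption: input is a Pod manifest.
pod_opts := object.get(input, ["spec", "securityContext", "windowsOptions"], {})
containers := array.concat(
	object.get(input, ["spec", "containers"], []),
	object.get(input, ["spec", "initContainers"], []),
)

# Effective options: a container-level value overrides the pod-level one.
effective(c) := object.union(pod_opts, object.get(c, ["securityContext", "windowsOptions"], {}))
host_process(c) := object.get(effective(c), "hostProcess", false)

# One finding per container and per listed field that ends up set.
findings contains f if {
	some c in containers
	some field in fields
	f := {"container": c.name, "field": field, "value": effective(c)[field]}
}

# API reference: every container must have the same effective hostProcess value.
violations contains "mixed hostProcess values across containers" if {
	some a in containers
	some b in containers
	host_process(a) != host_process(b)
}

# API reference: hostProcess true requires hostNetwork true.
violations contains msg if {
	some c in containers
	host_process(c) == true
	object.get(input, ["spec", "hostNetwork"], false) != true
	msg := sprintf("container %s sets hostProcess without hostNetwork", [c.name])
}

# Constructed sample pod; `opa test` runs this rule.
test_constructed_sample if {
	pod := {"spec": {
		"securityContext": {"windowsOptions": {"runAsUserName": "ContainerUser"}},
		"containers": [{"name": "a", "securityContext": {"windowsOptions": {"hostProcess": true}}}, {"name": "b"}],
	}}
	count(findings) == 3 with input as pod
	count(violations) == 2 with input as pod
}
```

The policy needs an OPA release that supports `import rego.v1`. The feature-gate check on the api-server mentioned in the issue is outside what a Pod manifest exposes and is not covered here.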
