AzInitiativeAdvertizer

last sync: 2024-Nov-25 18:54:43 UTC

Kubernetes cluster pod security restricted standards for Linux-based workloads

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

Kubernetes cluster pod security restricted standards for Linux-based workloads

42b8ef37-b724-4e24-bbc8-7a7708edfe00

Version

2.5.0
Details on versioning

Versioning

Versions supported for Versioning: 2
2.4.0
2.5.0
Built-in Versioning [Preview]

Category

Kubernetes
Microsoft Learn

Description

This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.

Type

BuiltIn

Deprecated

False

Preview

False

Policy count

Total Policies: 8
Builtin Policies: 8
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
Kubernetes cluster containers should not share host process ID or host IPC namespace	47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster containers should only use allowed capabilities	c26596ff-4d70-4e6a-9a30-c2506bd2f80c	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster containers should only use allowed seccomp profiles	975ce327-682c-4f2e-aa46-b9598289b86c	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster pods and containers should only run with approved user and group IDs	f06ddb64-5fa3-4b77-b166-acb36f7f6042	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster pods should only use allowed volume types	16697877-1118-4fb1-9b65-9898ec2509ec	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster pods should only use approved host network and port range	82985f06-dc18-4a48-bc1c-b9f4f0098cfe	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster should not allow privileged containers	95edb821-ddaf-4404-9732-666045e056b4	Kubernetes	Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes clusters should not allow container privilege escalation	1c6e92c9-99f0-4e55-9cf2-0c234dc48f99	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA

Roles used

No Roles used

History

Date/Time (UTC ymd) (i)	Changes
2024-02-05 19:34:05	Version change: '2.4.0' to '2.5.0'
2023-05-04 17:45:12	Version change: '2.3.1' to '2.4.0'
2022-09-27 16:35:21	Version change: '2.3.0' to '2.3.1'
2022-09-21 16:34:39	Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2022-05-19 16:30:35	Version change: '2.2.0' to '2.3.0'
2022-02-24 18:28:50	Version change: '2.1.1' to '2.2.0'
2020-10-13 13:23:38	Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2020-09-15 14:06:41	Name change: '[Preview]: Kubernetes cluster pod security restricted standards for Linux-based workloads' to 'Kubernetes cluster pod security restricted standards for Linux-based workloads'
2020-07-14 15:28:17	add Policy Kubernetes cluster containers should only use allowed seccomp profiles (975ce327-682c-4f2e-aa46-b9598289b86c)
2020-07-08 14:28:36	add Initiative 42b8ef37-b724-4e24-bbc8-7a7708edfe00

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC