Kubernetes STIG V2R4
DoD Security Technical Implementation Guide for Kubernetes container orchestration
Showing 20 findings in CAT I (High)
api-server — API Server (8 findings)
V-242386: The Kubernetes API server must have the insecure port flag disabled.
V-242388: The Kubernetes API server must have the insecure bind address not set.
V-242390: The Kubernetes API server must have anonymous authentication disabled.
V-242436: The Kubernetes API server must have the ValidatingAdmissionWebhook enabled.
V-245542: Kubernetes API Server must disable basic authentication to protect information in transit.
V-245543: Kubernetes API Server must disable token authentication to protect information in transit.
V-245544: Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit.
V-254800: Kubernetes must have a Pod Security Admission control file configured.
controller-manager — Controller Manager (1 finding)
general — General (1 finding)
kubelet — Kubelet (6 findings)
V-242387: The Kubernetes Kubelet must have the "readOnlyPort" flag disabled.
V-242391: The Kubernetes Kubelet must have anonymous authentication disabled.
V-242392: The Kubernetes kubelet must enable explicit authorization.
V-242397: The Kubernetes kubelet staticPodPath must not enable static pods.
V-242434: Kubernetes Kubelet must enable kernel protection.
V-254801: Kubernetes must enable PodSecurity admission controller on static pods and Kubelets.