
lacework-global-352

4.6.3 Do not use default namespace (Manual)

Profile Applicability

• Level 2

Description

Kubernetes places objects in a default namespace if you do not specify a namespace for them. Placing objects in this namespace makes application of Role-Based Access Control (RBAC) and other controls more difficult.

Rationale

Resources in a Kubernetes cluster should be segregated by namespace, to allow for security controls to be applied at that level and to make it easier to manage resources.

Impact

None

Audit

Run this command to list the objects in the default namespace:

kubectl get $(kubectl api-resources --verbs=list --namespaced=true -o name | paste -sd, -) --ignore-not-found -n default

The only entries there should be system-managed resources, such as the kubernetes service.
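
To make that review repeatable, the following added example (not part of the benchmark or of Lacework's tooling) filters the audit command's output, requested with -o name, against an allowlist and reports whatever remains. The allowlist entries, the function names and the sample input are assumptions constructed for illustration; adjust the allowlist to what your distribution creates in the default namespace.

```shell
#!/bin/sh
# Added example: reduce the audit output to objects that are NOT on an
# allowlist of system-managed defaults. The allowlist is an assumption.

# Reads "kind[.group]/name" lines on stdin and prints the unexpected ones.
flag_non_system() {
  awk -F/ '
    NF < 2 { next }                        # skip blank or malformed lines
    {
      kind = $1; sub(/\..*/, "", kind)     # drop API group: deployment.apps -> deployment
      name = substr($0, length($1) + 2)
      key = kind "/" name
    }
    key == "service/kubernetes"         { next }
    key == "endpoints/kubernetes"       { next }
    key == "endpointslice/kubernetes"   { next }
    key == "configmap/kube-root-ca.crt" { next }
    key == "serviceaccount/default"     { next }
    kind == "event"                     { next }  # transient records, not workloads
    { print }
  '
}

# Constructed sample of what the audit command could return with -o name.
sample_output() {
  cat <<'EOF'
service/kubernetes
endpoints/kubernetes
endpointslice.discovery.k8s.io/kubernetes
configmap/kube-root-ca.crt
serviceaccount/default
pod/nginx-7c5ddbdf54-x2x9k
deployment.apps/nginx
secret/db-password
EOF
}

# Returns 0 when only allowlisted objects exist, 1 (and lists them) otherwise.
audit_default_ns() {
  findings=$(flag_non_system)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Live use (not run here): append "-o name" to the audit command and pipe it in:
#   kubectl get $(kubectl api-resources --verbs=list --namespaced=true -o name | paste -sd, -) \
#     --ignore-not-found -n default -o name | audit_default_ns
sample_output | audit_default_ns || echo "default namespace holds non-system objects"
```

The non-zero exit status on findings lets the check run as a scheduled job or pipeline gate.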

Remediation

Create namespaces to allow for appropriate segregation of Kubernetes resources, and ensure that all new resources are created in a specific namespace.