lacework-global-756
Ensure that the Container Network Interface (CNI) in use supports Network Policies (Manual)
Description
There are a variety of CNI plugins available for Kubernetes. If the CNI in use does not support Network Policies, it may not be possible to effectively restrict traffic in the cluster.
Remediation
To use a CNI plugin with Network Policy, enable Network Policy in Google Kubernetes Engine (GKE).
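Because this check is manual, the following added example (not part of the original policy text or of any Lacework or Google tooling) shows one way to evaluate the JSON printed by `gcloud container clusters describe CLUSTER_NAME --format=json`. The sample cluster documents are constructed, and the interpretation of the `networkPolicy`, `addonsConfig.networkPolicyConfig` and `networkConfig.datapathProvider` fields is an assumption based on the GKE Cluster API resource.

```python
import json

# Constructed samples shaped like `gcloud container clusters describe --format=json`
# output, trimmed to the fields this check reads. Names and values are invented.
SAMPLES = json.loads("""
[
  {"name": "calico-on",
   "networkPolicy": {"enabled": true, "provider": "CALICO"},
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "dataplane-v2",
   "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
   "addonsConfig": {"networkPolicyConfig": {"disabled": true}}},
  {"name": "addon-only",
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "default-off",
   "networkPolicy": {},
   "addonsConfig": {"networkPolicyConfig": {"disabled": true}}}
]
""")


def network_policy_status(cluster):
    """Return (enforced, reason) for one cluster description dict."""
    datapath = cluster.get("networkConfig", {}).get("datapathProvider")
    if datapath == "ADVANCED_DATAPATH":
        # Assumption: Dataplane V2 enforces NetworkPolicy itself, so the
        # Calico add-on fields are not consulted for these clusters.
        return True, "Dataplane V2 datapath"

    enabled = cluster.get("networkPolicy", {}).get("enabled", False)
    addon = cluster.get("addonsConfig", {}).get("networkPolicyConfig", {})
    addon_on = not addon.get("disabled", False)

    if not addon_on:
        return False, "network policy add-on is disabled"
    if not enabled:
        return False, "add-on not disabled, but enforcement is off"
    return True, "network policy enabled with add-on"


def failing_clusters(clusters):
    """Names of clusters where NetworkPolicy objects would not be enforced."""
    return [c["name"] for c in clusters if not network_policy_status(c)[0]]


if __name__ == "__main__":
    for c in SAMPLES:
        ok, why = network_policy_status(c)
        print(f"{c['name']:<14} {'PASS' if ok else 'FAIL'}  {why}")
```

A cluster listed by `failing_clusters` accepts NetworkPolicy objects through the API but does not enforce them, which is the condition this control is meant to catch.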
References
https://kubernetes.io/docs/concepts/services-networking/network-policies/
https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/
https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview
Additional Information
One example here is Flannel (https://github.com/flannel-io/flannel), which does not support Network Policies unless Calico is also in use.