lacework-global-781

Enable Pod Security Policy and set as appropriate (Manual)

Description

Use Pod Security Policy to prevent privileged containers where possible and enforce namespace and workload configurations.

Remediation

Note: Kubernetes deprecated Pod Security Policy as of Kubernetes version 1.21 and removed it as of Kubernetes version 1.25. This policy remains for posterity but does not exist in Center for Internet Security (CIS) Google Kubernetes Engine (GKE) v1.5.0 and higher.

Using Google Cloud Console:

There is no means of enabling the Pod Security Policy Admission controller on an existing or new cluster from the console.

Using Command Line:

To enable Pod Security Policy for an existing cluster, run the following command:

gcloud container clusters update <cluster_name> --zone <compute_zone> --enable-pod-security-policy
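Because this control is manual and only applies to clusters that still run a Kubernetes version with Pod Security Policy, a practitioner auditing several clusters needs to combine the master version with the PSP setting before deciding whether the remediation above applies. The following added example (not part of this policy page or of Lacework's own checks) does that over the JSON that `gcloud container clusters describe <cluster_name> --format=json` returns; the `podSecurityPolicyConfig.enabled` field name is assumed from the GKE beta cluster resource, and the sample documents are constructed.

```python
import re

# Constructed samples of `gcloud container clusters describe ... --format=json`
# output, trimmed to the two fields this check reads. The field name
# podSecurityPolicyConfig is an assumption (GKE beta cluster resource), not from the page.
SAMPLE_CLUSTERS = {
    "legacy-psp": {"currentMasterVersion": "1.24.10-gke.2300",
                   "podSecurityPolicyConfig": {"enabled": True}},
    "legacy-nopsp": {"currentMasterVersion": "1.23.17-gke.1700"},
    "modern": {"currentMasterVersion": "1.27.3-gke.100"},
}

PSP_DEPRECATED = (1, 21)  # deprecated as of Kubernetes v1.21
PSP_REMOVED = (1, 25)     # removed as of Kubernetes v1.25

REMEDIATION = ("gcloud container clusters update <cluster_name> "
               "--zone <compute_zone> --enable-pod-security-policy")


def parse_version(version):
    """Extract (major, minor) from a GKE version string such as '1.24.10-gke.2300'."""
    match = re.match(r"(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(match.group(1)), int(match.group(2))


def assess_psp(cluster):
    """Return (status, detail) for one cluster describe document."""
    version = parse_version(cluster["currentMasterVersion"])
    enabled = bool(cluster.get("podSecurityPolicyConfig", {}).get("enabled", False))
    if version >= PSP_REMOVED:
        # PSP no longer exists on this version; the control cannot be applied.
        return "NOT_APPLICABLE", "Pod Security Policy removed in this Kubernetes version"
    if enabled:
        detail = "Pod Security Policy enabled"
        if version >= PSP_DEPRECATED:
            detail += " (deprecated since v1.21; plan a migration before upgrading to v1.25)"
        return "PASS", detail
    return "FAIL", f"Pod Security Policy not enabled; remediate with: {REMEDIATION}"


def assess_all(clusters):
    """Map each cluster name to its PSP compliance status."""
    return {name: assess_psp(doc)[0] for name, doc in clusters.items()}


if __name__ == "__main__":
    for name, doc in SAMPLE_CLUSTERS.items():
        status, detail = assess_psp(doc)
        print(f"{name}: {status} - {detail}")
```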

References

https://cloud.google.com/kubernetes-engine/docs/deprecations/podsecuritypolicy
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/

Additional Information

Kubernetes deprecated Pod Security Policy as of v1.21 and removed it as of v1.25.