lacework-global-781
Enable Pod Security Policy and set as appropriate (Manual)
Description
Use Pod Security Policy to prevent privileged containers where possible and enforce namespace and workload configurations.
Remediation
Note: Kubernetes deprecated Pod Security Policy as of Kubernetes version 1.21 and removed it as of Kubernetes version 1.25. This policy remains for posterity but does not exist in the Center for Internet Security (CIS) Google Kubernetes Engine (GKE) Benchmark v1.5.0 and higher.
Using Google Cloud Console:
The Pod Security Policy admission controller cannot be enabled on a new or existing cluster from the console.
Using Command Line:
To enable Pod Security Policy for an existing cluster, run the following command:
gcloud container clusters update <cluster_name> --zone <compute_zone> --enable-pod-security-policy
References
https://cloud.google.com/kubernetes-engine/docs/deprecations/podsecuritypolicy
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/
Additional Information
Kubernetes deprecated Pod Security Policy as of v1.21 and removed it as of v1.25.