Benchmark: 5.7.4 The default namespace should not be used
Description
Kubernetes provides a default namespace, where objects are placed if no namespace is specified for them. Placing objects in this namespace makes application of RBAC and other controls more difficult.
Remediation
Ensure that namespaces are created to allow for appropriate segregation of Kubernetes resources and that all new resources are created in a specific namespace.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 5.7.4 The default namespace should not be used.
Run this benchmark in your terminal:
powerpipe benchmark run kubernetes_compliance.benchmark.cis_kube_v120_v100_5_7_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run kubernetes_compliance.benchmark.cis_kube_v120_v100_5_7_4 --share
Controls
- ConfigMap definition should not use default namespace
- CronJob definition should not use default namespace
- DaemonSet definition should not use default namespace
- Deployment definition should not use default namespace
- Ingress definition should not use default namespace
- Job definition should not use default namespace
- Pods should not use default namespace
- ReplicaSet definition should not use default namespace
- ReplicationController definition should not use default namespace
- RoleBinding definition should not use default namespace
- Role definition should not use default namespace
- Secret definition should not use default namespace
- ServiceAccount definition should not use default namespace
- Services should not use default namespace
- StatefulSet definition should not use default namespace
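
The check behind these controls can also be run over exported object JSON before or after deployment. The following is an added example, not code from the mod: it flags every object of the kinds listed above whose namespace is `default` or unset. The function name, the `ignore` allowlist parameter and the sample objects are assumptions made for illustration.

```python
import json

# Kinds covered by this benchmark's controls.
CHECKED_KINDS = {
    "ConfigMap", "CronJob", "DaemonSet", "Deployment", "Ingress", "Job",
    "Pod", "ReplicaSet", "ReplicationController", "RoleBinding", "Role",
    "Secret", "ServiceAccount", "Service", "StatefulSet",
}


def default_namespace_findings(doc, ignore=frozenset()):
    """Return sorted (kind, name) pairs that are, or would be, in 'default'.

    doc    -- parsed JSON: a single object or a kind "List" with "items"
    ignore -- (kind, name) pairs to skip (hypothetical allowlist parameter)
    """
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for obj in items:
        kind = obj.get("kind", "")
        meta = obj.get("metadata") or {}
        name = meta.get("name", "<unnamed>")
        if kind not in CHECKED_KINDS or (kind, name) in ignore:
            continue
        # An absent or empty namespace is treated as "default", since that is
        # where the object is placed when none is specified.
        if (meta.get("namespace") or "default") == "default":
            findings.append((kind, name))
    return sorted(findings)


# Constructed sample in the shape of `kubectl get ... -o json` output.
SAMPLE = json.loads("""
{"apiVersion": "v1", "kind": "List", "items": [
  {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"}},
  {"kind": "Deployment", "metadata": {"name": "api"}},
  {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "default"}},
  {"kind": "Service", "metadata": {"name": "kubernetes", "namespace": "default"}},
  {"kind": "Namespace", "metadata": {"name": "shop"}}
]}
""")

if __name__ == "__main__":
    # Assumption: the API server's own "kubernetes" Service is accepted in default.
    for kind, name in default_namespace_findings(SAMPLE, {("Service", "kubernetes")}):
        print(f"{kind}/{name} is in the default namespace")
```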