YAML-scanning, AllControls, NSA, ArmoBest
This control is included in ArmoBest.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
Connect pods to the host network only when it is necessary. Otherwise, set the hostNetwork field of the pod spec to false, or remove it completely (false is the default). Whitelist only those pods that must have access to the host network by design.
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
  labels:
    app: ubuntu
spec:
  containers:
  - image: ubuntu
    name: ubuntu
  hostNetwork: true # we look for this attribute
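The pod spec sits at a different depth in each of the workload kinds listed above, so a check for this attribute has to follow the right path per kind. The following is an added example, not the control's own rule code: the function names, the `(namespace, name)` allowlist shape, the treatment of a missing namespace as `default`, and the sample manifests are all assumptions made for illustration.

```python
# Pod spec location per workload kind (Kubernetes API object layout).
POD_SPEC_PATH = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}


def pod_spec(manifest):
    """Return the embedded pod spec dict, or None if the kind is not covered."""
    path = POD_SPEC_PATH.get(manifest.get("kind"))
    if path is None:
        return None
    node = manifest
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else None


def host_network_findings(manifests, allowlist=frozenset()):
    """List (kind, namespace, name) of non-allowlisted hostNetwork: true workloads."""
    findings = []
    for m in manifests:
        spec = pod_spec(m)
        # An absent field is compliant because false is the default.
        if spec is None or spec.get("hostNetwork") is not True:
            continue
        meta = m.get("metadata", {})
        # Assumption: a manifest without metadata.namespace counts as "default".
        ident = (meta.get("namespace", "default"), meta.get("name", ""))
        if ident not in allowlist:
            findings.append((m["kind"],) + ident)
    return findings

# Constructed sample manifests, already parsed (e.g. from `kubectl get -o json`).
SAMPLE = [
    {"kind": "Pod", "metadata": {"name": "ubuntu"}, "spec": {"hostNetwork": True}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "prod"},
     "spec": {"template": {"spec": {"hostNetwork": False}}}},
    {"kind": "CronJob", "metadata": {"name": "backup", "namespace": "ops"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": True}}}}}},
    {"kind": "DaemonSet", "metadata": {"name": "node-agent", "namespace": "kube-system"},
     "spec": {"template": {"spec": {"hostNetwork": True}}}},
]
ALLOW = frozenset({("kube-system", "node-agent")})
```

Calling `host_network_findings(SAMPLE, ALLOW)` reports the Pod and the CronJob; the DaemonSet is skipped only because it is on the allowlist.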