Docs
HomeGitHubSign Up

C-0061 - Pods in default namespace

Suggest Edits

Framework

AllControls, ArmoBest, DevOpsBest

Severity

Low

Description of the the issue

It is recommended to avoid running pods in cluster without explicit namespace assignment. This may lead to wrong capabilities and permissions assignment and potential compromises. This control identifies all the pods running in the default namespace.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Check that there are no pods in the 'default' namespace

Remediation

Create necessary namespaces and move all the pods from default namespace there.

Example

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

Updated 3 months ago