Run Kubescape with host sensor (see here)
cis-aks-t1.2.0, cis-eks-t1.2.0, cis-v1.23-t1.0.1
Kubernetes network policies are enforced by the CNI plugin in use. As such it is important to ensure that the CNI plugin supports both Ingress and Egress network policies.
There are a variety of CNI plugins available for Kubernetes. If the CNI in use does not support Network Policies it may not be possible to effectively restrict traffic in the cluster.
Review the documentation of CNI plugin in use by the cluster, and confirm that it supports Ingress and Egress network policies.
If the CNI plugin in use does not support network policies, consideration should be given to making use of a different plugin, or finding an alternate mechanism for restricting traffic in the Kubernetes cluster.
This will depend on the CNI plugin in use.
Updated 6 days ago