C-0241 - Use Azure RBAC for Kubernetes Authorization.
Prerequisites
Integrate with cloud provider (see here)
Framework
cis-aks-t1.2.0
Severity
High
Description of the the issue
The ability to manage RBAC for Kubernetes resources from Azure gives you the choice to manage RBAC for the cluster resources either using Azure or native Kubernetes mechanisms. When enabled, Azure AD principals will be validated exclusively by Azure RBAC while regular Kubernetes users and service accounts are exclusively validated by Kubernetes RBAC. Azure role-based access control (RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.With Azure RBAC, you create a role definition that outlines the permissions to be applied. You then assign a user or group this role definition via a role assignment for a particular scope. The scope can be an individual resource, a resource group, or across the subscription.
Related resources
What does this control test
The ability to manage RBAC for Kubernetes resources from Azure gives you the choice to manage RBAC for the cluster resources either using Azure or native Kubernetes mechanisms.
How to check it manually
Remediation
Set Azure RBAC as access system.
Impact Statement
Default Value
Example
No example
Updated 3 months ago