C-0241 - Use Azure RBAC for Kubernetes Authorization.
Prerequisites
Integrate with cloud provider (see here)
Framework
cis-aks-t1.2.0
Severity
High
Description of the issue
The ability to manage RBAC for Kubernetes resources from Azure gives you the choice to manage RBAC for the cluster resources either using Azure or native Kubernetes mechanisms. When enabled, Azure AD principals will be validated exclusively by Azure RBAC while regular Kubernetes users and service accounts are exclusively validated by Kubernetes RBAC. Azure role-based access control (RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. With Azure RBAC, you create a role definition that outlines the permissions to be applied. You then assign a user or group this role definition via a role assignment for a particular scope. The scope can be an individual resource, a resource group, or across the subscription.
Related resources
What does this control test
The ability to manage RBAC for Kubernetes resources from Azure gives you the choice to manage RBAC for the cluster resources either using Azure or native Kubernetes mechanisms.
How to check it manually
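One way to evaluate this setting offline, as an added example (not part of the original page and not the scanner's own rule): the function below reads a cluster description such as the JSON printed by `az aks show --resource-group <rg> --name <cluster> -o json` and reports whether Azure RBAC is enabled. The function name and the sample documents are constructed for illustration; the handling of the ARM-style `properties` wrapper and key casing is an assumption about where the JSON came from.

```python
import json

# Constructed samples, trimmed to the fields this check reads.
SAMPLES = {
    "azure-rbac": '{"name": "aks-a", "aadProfile": {"managed": true, "enableAzureRbac": true}}',
    "aad-only": '{"name": "aks-b", "aadProfile": {"managed": true, "enableAzureRbac": false}}',
    "no-aad": '{"name": "aks-c", "aadProfile": null}',
    "arm-casing": '{"name": "aks-d", "properties": {"aadProfile": {"managed": true, "enableAzureRBAC": true}}}',
}


def azure_rbac_status(cluster_json: str) -> tuple[bool, str]:
    """Return (passed, reason) for one managed-cluster JSON document."""
    doc = json.loads(cluster_json)
    # Assumption: ARM REST responses nest settings under "properties",
    # while az CLI output is flat. Accept either shape.
    props = doc.get("properties") or doc
    aad = props.get("aadProfile")
    if not isinstance(aad, dict):
        # A null or missing profile means Azure AD principals are not
        # authenticated by the cluster at all, so Azure RBAC cannot apply.
        return False, "no aadProfile: cluster is not integrated with Azure AD"
    # Key casing differs by source (enableAzureRbac vs enableAzureRBAC).
    flags = {key.lower(): value for key, value in aad.items()}
    if flags.get("enableazurerbac") is True:
        return True, "Azure RBAC authorizes Azure AD principals"
    return False, "Azure AD integrated, but authorization is Kubernetes RBAC only"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        passed, reason = azure_rbac_status(raw)
        print(f"{'PASS' if passed else 'FAIL'}  {label}: {reason}")
```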
Remediation
Set Azure RBAC as the access system.
Impact Statement
Default Value
Example
No example
Updated 4 months ago