C-0242 - Hostile multi-tenant workloads
Framework
cis-eks-t1.2.0, cis-aks-t1.2.0
Severity
Medium
Description of the the issue
Related resources
What does this control test
Currently, Kubernetes environments aren't safe for hostile multi-tenant usage. Extra security features, like Pod Security Policies or Kubernetes RBAC for nodes, efficiently block exploits. For true security when running hostile multi-tenant workloads, only trust a hypervisor. The security domain for Kubernetes becomes the entire cluster, not an individual node.
For these types of hostile multi-tenant workloads, you should use physically isolated clusters. For more information on ways to isolate workloads, see Best practices for cluster isolation in AKS.
How to check it manually
Remediation
Impact Statement
Default Value
Example
No example
Updated 3 months ago