C-0242 - Hostile multi-tenant workloads

Framework

cis-aks-t1.2.0, cis-eks-t1.2.0

Severity

Medium

Description of the the issue

Related resources

What does this control test

Currently, Kubernetes environments aren't safe for hostile multi-tenant usage. Extra security features, like Pod Security Policies or Kubernetes RBAC for nodes, efficiently block exploits. For true security when running hostile multi-tenant workloads, only trust a hypervisor. The security domain for Kubernetes becomes the entire cluster, not an individual node.

For these types of hostile multi-tenant workloads, you should use physically isolated clusters. For more information on ways to isolate workloads, see Best practices for cluster isolation in AKS.

C-0242 - Hostile multi-tenant workloads

Framework

Severity

Description of the the issue

Related resources

What does this control test

How to check it manually

Remediation

Impact Statement

Default Value

Example