Skip to content

Latest commit

 

History

History

nsa-cisa-k8s-v1.2

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.krmignore
.krmignore
 
 
Kptfile
Kptfile
 
 
README.md
README.md
 
 
apparmor.yaml
apparmor.yaml
 
 
automount-serviceaccount-token-pod.yaml
automount-serviceaccount-token-pod.yaml
 
 
block-all-ingress.yaml
block-all-ingress.yaml
 
 
block-secrets-of-type-basic-auth.yaml
block-secrets-of-type-basic-auth.yaml
 
 
capabilities.yaml
capabilities.yaml
 
 
cpu-and-memory-limits-required.yaml
cpu-and-memory-limits-required.yaml
 
 
host-namespaces.yaml
host-namespaces.yaml
 
 
host-network.yaml
host-network.yaml
 
 
hostport.yaml
hostport.yaml
 
 
kustomization.yaml
kustomization.yaml
 
 
privilege-escalation.yaml
privilege-escalation.yaml
 
 
privileged-containers.yaml
privileged-containers.yaml
 
 
readonlyrootfilesystem.yaml
readonlyrootfilesystem.yaml
 
 
require-namespace-network-policies.yaml
require-namespace-network-policies.yaml
 
 
restrict-clusteradmin-rolebindings.yaml
restrict-clusteradmin-rolebindings.yaml
 
 
restrict-edit-rolebindings.yaml
restrict-edit-rolebindings.yaml
 
 
restrict-hostpath-volumes.yaml
restrict-hostpath-volumes.yaml
 
 
restrict-pods-exec.yaml
restrict-pods-exec.yaml
 
 
running-as-non-root.yaml
running-as-non-root.yaml
 
 
seccomp.yaml
seccomp.yaml
 
 
selinux.yaml
selinux.yaml
 
 

README.md

NSA CISA Kubernetes Hardening Guide v1.2

Description

Use the NSA CISA Kubernetes Hardening Guide v1.2 policy bundle with Policy Controller to evaluate the compliance of your cluster resources against some aspects of the NSA CISA Kubernetes Hardening Guide v1.2.

The NSA CISA Kubernetes Hardening Guide v1.2 publication provide more details about the controls targeted by this policy bundle.

Compatibility

This bundle requires Policy Controller version 1.15.2 or higher.

Usage

(Optional) Preview the policy constraints with kubectl:

kubectl kustomize https://github.com/GoogleCloudPlatform/gke-policy-library.git/anthos-bundles/nsa-cisa-k8s-v1.2

Apply the policy constraints with kubectl:

kubectl apply -k https://github.com/GoogleCloudPlatform/gke-policy-library.git/anthos-bundles/nsa-cisa-k8s-v1.2

For more information visit:

https://cloud.google.com/anthos-config-management/docs/how-to/using-nsa-cisa-k8s