Kubernetes cluster pod security restricted standards for Linux-based workloads

Azure BuiltIn Policy Initiative (PolicySet)

Policy types

Policy states

Policy categories

Total Policies: 8
Builtin Policies: 8
Static Policies: 0

GA: 8

1 categories:

Kubernetes: 8

Policy DisplayName

Policy Id

Category

Version

Versioning

Effect

Roles#

Roles

State

policy in AzUSGov

Kubernetes cluster containers should not share host process ID or host IPC namespace

47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8

Kubernetes

5.2.0

2x
5.2.0, 5.1.0

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster containers should only use allowed capabilities

c26596ff-4d70-4e6a-9a30-c2506bd2f80c

Kubernetes

6.2.0

2x
6.2.0, 6.1.0

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster containers should only use allowed seccomp profiles

975ce327-682c-4f2e-aa46-b9598289b86c

Kubernetes

7.2.0

2x
7.2.0, 7.1.1

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster pods and containers should only run with approved user and group IDs

f06ddb64-5fa3-4b77-b166-acb36f7f6042

Kubernetes

6.2.0

2x
6.2.0, 6.1.1

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster pods should only use allowed volume types

16697877-1118-4fb1-9b65-9898ec2509ec

Kubernetes

5.2.0

2x
5.2.0, 5.1.1

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster pods should only use approved host network and port range

82985f06-dc18-4a48-bc1c-b9f4f0098cfe

Kubernetes

6.2.0

2x
6.2.0, 6.1.0

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes cluster should not allow privileged containers

95edb821-ddaf-4404-9732-666045e056b4

Kubernetes

9.2.0

2x
9.2.0, 9.1.0

Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Kubernetes clusters should not allow container privilege escalation

1c6e92c9-99f0-4e55-9cf2-0c234dc48f99

Kubernetes

7.2.0

2x
7.2.0, 7.1.0

Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled

true

Date/Time (UTC ymd) (i)

Changes

2024-02-05 19:34:05

Version change: '2.4.0' to '2.5.0'

2023-05-04 17:45:12

Version change: '2.3.1' to '2.4.0'

2022-09-27 16:35:21

Version change: '2.3.0' to '2.3.1'

2022-09-21 16:34:39

Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'

2022-05-19 16:30:35

Version change: '2.2.0' to '2.3.0'

2022-02-24 18:28:50

Version change: '2.1.1' to '2.2.0'

2020-10-13 13:23:38

Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'

2020-09-15 14:06:41

Name change: '[Preview]: Kubernetes cluster pod security restricted standards for Linux-based workloads' to 'Kubernetes cluster pod security restricted standards for Linux-based workloads'

2020-07-14 15:28:17

add Policy Kubernetes cluster containers should only use allowed seccomp profiles (975ce327-682c-4f2e-aa46-b9598289b86c)

2020-07-08 14:28:36

add Initiative 42b8ef37-b724-4e24-bbc8-7a7708edfe00