last sync: 2024-Mar-27 18:49:34 UTC

Kubernetes cluster pod security restricted standards for Linux-based workloads

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: Kubernetes cluster pod security restricted standards for Linux-based workloads
Id: 42b8ef37-b724-4e24-bbc8-7a7708edfe00
Version: 2.5.0
Category: Kubernetes
Description: This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.
Type: BuiltIn
Deprecated: False
Preview: False
Policy count
Total Policies: 8
Builtin Policies: 8
Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect (default) | Effect (allowed) | Roles# | Roles | State |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Kubernetes cluster containers should not share host process ID or host IPC namespace | 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should only use allowed capabilities | c26596ff-4d70-4e6a-9a30-c2506bd2f80c | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should only use allowed seccomp profiles | 975ce327-682c-4f2e-aa46-b9598289b86c | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pods and containers should only run with approved user and group IDs | f06ddb64-5fa3-4b77-b166-acb36f7f6042 | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pods should only use allowed volume types | 16697877-1118-4fb1-9b65-9898ec2509ec | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pods should only use approved host network and port range | 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster should not allow privileged containers | 95edb821-ddaf-4404-9732-666045e056b4 | Kubernetes | Deny | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes clusters should not allow container privilege escalation | 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Kubernetes | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
Roles used: No Roles used
History
Date/Time (UTC ymd) Changes
2024-02-05 19:34:05 Version change: '2.4.0' to '2.5.0'
2023-05-04 17:45:12 Version change: '2.3.1' to '2.4.0'
2022-09-27 16:35:21 Version change: '2.3.0' to '2.3.1'
2022-09-21 16:34:39 Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2022-05-19 16:30:35 Version change: '2.2.0' to '2.3.0'
2022-02-24 18:28:50 Version change: '2.1.1' to '2.2.0'
2020-10-13 13:23:38 Description change: 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2020-09-15 14:06:41 Name change: '[Preview]: Kubernetes cluster pod security restricted standards for Linux-based workloads' to 'Kubernetes cluster pod security restricted standards for Linux-based workloads'
2020-07-14 15:28:17 add Policy Kubernetes cluster containers should only use allowed seccomp profiles (975ce327-682c-4f2e-aa46-b9598289b86c)
2020-07-08 14:28:36 add Initiative 42b8ef37-b724-4e24-bbc8-7a7708edfe00