AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

Kubernetes cluster pod security baseline standards for Linux-based workloads

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

Kubernetes cluster pod security baseline standards for Linux-based workloads

a8640138-9b0a-4a28-b8cb-1666c838647d

Version

1.4.0
Details on versioning

Category

Kubernetes
Microsoft Learn

Description

This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.

Type

BuiltIn

Deprecated

False

Preview

False

Policy count

Total Policies: 5
Builtin Policies: 5
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
Kubernetes cluster containers should not share host process ID or host IPC namespace	47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster containers should only use allowed capabilities	c26596ff-4d70-4e6a-9a30-c2506bd2f80c	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster pod hostPath volumes should only use allowed host paths	098fc59e-46c7-4d99-9b16-64990e543d75	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster pods should only use approved host network and port range	82985f06-dc18-4a48-bc1c-b9f4f0098cfe	Kubernetes	Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled	GA
Kubernetes cluster should not allow privileged containers	95edb821-ddaf-4404-9732-666045e056b4	Kubernetes	Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled	GA

Roles used

No Roles used

History

Date/Time (UTC ymd) (i)	Changes
2023-10-30 19:02:13	Version change: '1.3.0' to '1.4.0'
2023-05-04 17:45:12	Version change: '1.2.1' to '1.3.0'
2022-09-27 16:35:21	Version change: '1.2.0' to '1.2.1'
2022-09-21 16:34:39	Description change: 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2022-05-19 16:30:35	Version change: '1.1.1' to '1.2.0'
2020-10-13 13:23:38	Description change: 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2020-09-15 14:06:41	Name change: '[Preview]: Kubernetes cluster pod security baseline standards for Linux-based workloads' to 'Kubernetes cluster pod security baseline standards for Linux-based workloads'
2020-07-08 14:28:36	add Initiative a8640138-9b0a-4a28-b8cb-1666c838647d

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC