last sync: 2025-Mar-26 20:41:06 UTC

Kubernetes cluster pod security baseline standards for Linux-based workloads

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: Kubernetes cluster pod security baseline standards for Linux-based workloads
Id: a8640138-9b0a-4a28-b8cb-1666c838647d
Version: 1.4.0
Versioning: Versions supported for Versioning: 1 (1.4.0)
Category: Kubernetes
Description: This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.
Cloud environments: AzureCloud = true; AzureChinaCloud = unknown; AzureUSGovernment = true
Available in AzUSGov: The PolicySet is available in AzureUSGovernment cloud. Version: '1.4.0'
Repository: Azure-Policy a8640138-9b0a-4a28-b8cb-1666c838647d
Type: BuiltIn
Deprecated: False
Preview: False
Policy-used types
Total Policies: 5
Builtin Policies: 5
Static Policies: 0
Policy-used states
1 states:
GA: 5
Policy-used categories
1 categories:
Kubernetes: 5
Policy-used
| Policy DisplayName | Policy Id | Category | Version | Versioning | Effect (Default) | Effect (Allowed) | Roles# | Roles | State | Policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|---|---|
| Kubernetes cluster containers should not share host process ID or host IPC namespace | 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Kubernetes | 5.2.0 | 2x: 5.2.0, 5.1.0 | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | true |
| Kubernetes cluster containers should only use allowed capabilities | c26596ff-4d70-4e6a-9a30-c2506bd2f80c | Kubernetes | 6.2.0 | 2x: 6.2.0, 6.1.0 | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | true |
| Kubernetes cluster pod hostPath volumes should only use allowed host paths | 098fc59e-46c7-4d99-9b16-64990e543d75 | Kubernetes | 6.2.0 | 2x: 6.2.0, 6.1.1 | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | true |
| Kubernetes cluster pods should only use approved host network and port range | 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Kubernetes | 6.2.0 | 2x: 6.2.0, 6.1.0 | Audit | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | true |
| Kubernetes cluster should not allow privileged containers | 95edb821-ddaf-4404-9732-666045e056b4 | Kubernetes | 9.2.0 | 2x: 9.2.0, 9.1.0 | Deny | audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | true |
Roles used: No Roles used
History
Date/Time (UTC ymd) / Changes
2023-10-30 19:02:13 Version change: '1.3.0' to '1.4.0'
2023-05-04 17:45:12 Version change: '1.2.1' to '1.3.0'
2022-09-27 16:35:21 Version change: '1.2.0' to '1.2.1'
2022-09-21 16:34:39 Description change: 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2022-05-19 16:30:35 Version change: '1.1.1' to '1.2.0'
2020-10-13 13:23:38 Description change: 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.' to 'This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.'
2020-09-15 14:06:41 Name change: '[Preview]: Kubernetes cluster pod security baseline standards for Linux-based workloads' to 'Kubernetes cluster pod security baseline standards for Linux-based workloads'
2020-07-08 14:28:36 add Initiative a8640138-9b0a-4a28-b8cb-1666c838647d