Kubernetes Clusters Should Disable Automounting API Credentials

Description:

Disable automounting of API credentials so that a potentially compromised Pod does not hold a service account token it can use to run API commands against the Kubernetes cluster.

Solution/Reference: 

From the unhealthy resources tab, select the cluster. Security Center lists the pods that do not set automountServiceAccountToken: false. There are multiple ways to opt out of automounting API credentials. To opt out for every pod that uses a given service account, set automountServiceAccountToken: false on the ServiceAccount object. To opt out for a single pod, set automountServiceAccountToken: false in the PodSpec (spec.automountServiceAccountToken); a value in the PodSpec takes precedence over the service account's setting, and when neither sets it the token is mounted. After making your changes, redeploy the updated pod or service account.
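The precedence between the PodSpec and ServiceAccount settings is easy to get wrong during remediation, so the following added example (not code from the original page or from Security Center) audits a set of Pod and ServiceAccount objects the way the recommendation does: it reports every pod that would still have a token automounted, and shows the PodSpec fix. The sample objects are constructed; the function and type names are the example's own.

```python
"""Audit Kubernetes Pods for automounted service account tokens.

Added example; this is not code from the original page or from Security Center.
It applies the Kubernetes precedence rule for automountServiceAccountToken:
the Pod's spec.automountServiceAccountToken wins over the ServiceAccount's
field, and when neither sets it the API server mounts the token. The
objects below are constructed samples, not output from a real cluster.
"""
import copy
from typing import Dict, List, Optional, Tuple

SAIndex = Dict[Tuple[str, str], dict]  # (namespace, name) -> ServiceAccount


def index_service_accounts(service_accounts: List[dict]) -> SAIndex:
    """Index ServiceAccount objects by (namespace, name) for lookup."""
    return {
        (sa["metadata"].get("namespace", "default"), sa["metadata"]["name"]): sa
        for sa in service_accounts
    }


def token_is_automounted(pod: dict, sa_index: SAIndex) -> bool:
    """True if the API server would inject a service account token into this Pod."""
    spec = pod.get("spec", {})
    pod_setting: Optional[bool] = spec.get("automountServiceAccountToken")
    if pod_setting is not None:
        return pod_setting  # PodSpec takes precedence over the ServiceAccount
    ns = pod["metadata"].get("namespace", "default")
    sa_name = spec.get("serviceAccountName", "default")
    sa_setting: Optional[bool] = sa_index.get((ns, sa_name), {}).get(
        "automountServiceAccountToken"
    )
    if sa_setting is not None:
        return sa_setting
    return True  # Kubernetes default: mount the token


def noncompliant_pods(pods: List[dict], sa_index: SAIndex) -> List[str]:
    """'namespace/name' of every Pod that still gets a token automounted."""
    return [
        f"{p['metadata'].get('namespace', 'default')}/{p['metadata']['name']}"
        for p in pods
        if token_is_automounted(p, sa_index)
    ]


def opt_out(pod: dict) -> dict:
    """Return a copy of the Pod with automounting disabled in its PodSpec."""
    fixed = copy.deepcopy(pod)
    fixed.setdefault("spec", {})["automountServiceAccountToken"] = False
    return fixed


def make_pod(namespace: str, name: str, **spec) -> dict:
    """Build a minimal constructed Pod object (not a real workload)."""
    return {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {"namespace": namespace, "name": name},
        "spec": {"containers": [{"name": "app", "image": "example/app"}], **spec},
    }


# Constructed sample objects covering each case of the precedence rule.
SAMPLE_SERVICE_ACCOUNTS = [
    {"apiVersion": "v1", "kind": "ServiceAccount",
     "metadata": {"namespace": "default", "name": "default"}},
    {"apiVersion": "v1", "kind": "ServiceAccount",
     "metadata": {"namespace": "payments", "name": "worker"},
     "automountServiceAccountToken": False},
]
SAMPLE_PODS = [
    make_pod("default", "web-1"),                                      # nothing set: mounted
    make_pod("default", "web-2", automountServiceAccountToken=False),  # pod opts out
    make_pod("payments", "worker-1", serviceAccountName="worker"),     # inherits SA opt-out
    make_pod("payments", "worker-2", serviceAccountName="worker",
             automountServiceAccountToken=True),                       # pod overrides SA
]


def audit_samples() -> List[str]:
    """Run the audit over the constructed samples."""
    return noncompliant_pods(SAMPLE_PODS, index_service_accounts(SAMPLE_SERVICE_ACCOUNTS))


if __name__ == "__main__":
    for ref in audit_samples():
        print("token automounted:", ref)
```

Running it flags default/web-1 (no setting anywhere) and payments/worker-2 (the PodSpec's true overrides the service account's false); applying opt_out to both clears the finding. One caveat the field-based check cannot see: a pod can still mount a token explicitly through a projected volume with a serviceAccountToken source, which the automountServiceAccountToken setting does not suppress, so review pod volumes as well when a workload must not reach the API.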

For more information, see https://aka.ms/kubepolicydoc.

Related content

Pod Security Policies Should be Defined on Kubernetes Services (Deprecated)
Usage of Pod Hostpath Volume Mounts Should Be Restricted to a Known List to Restrict Node Access From Compromised Containers
Privileged Containers Should be Avoided
Running Containers as Root User Should be Avoided
Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
Containers Sharing Sensitive Host Namespaces Should Be Avoided