Back

Configure the "admission control plugin NodeRestriction" to organizational standards.


CONTROL ID
14573
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure "Kubernetes" to organizational standards., CC ID: 14528

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Ensure that the admission control plugin NodeRestriction is set Description: Limit the `Node` and `Pod` objects that a kubelet could modify. Rationale: Using the `NodeRestriction` plug-in ensures that the kubelet is restricted to the `Node` and `Pod` objects that it could modify as defined. Such kub… (1.2.17, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
  • Ensure that the admission control plugin NodeRestriction is set Description: Limit the `Node` and `Pod` objects that a kubelet could modify. Rationale: Using the `NodeRestriction` plug-in ensures that the kubelet is restricted to the `Node` and `Pod` objects that it could modify as defined. Such kub… (1.2.17, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)