Ensure the admission control plugin NodeRestriction is set
Error: The admission control plugin NodeRestriction is not set
Bridgecrew Policy ID: BC_K8S_62
Checkov Check ID: CKV_K8S_85
The admission control plugin NodeRestriction is not set
Pod objects that a kubelet could modify.
NodeRestriction plug-in ensures that the kubelet is restricted to the
Pod objects that it could modify as defined. Such kubelets will only be allowed to modify their own
Node API object, and only modify
Pod API objects that are bound to their node.
Fix - Buildtime
- Kind: Pod
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: + - kube-apiserver + - --enable-admission-plugins=NodeRestriction image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0 ...
Updated 6 months ago