Kubernetes Security Requirements

Input from Operators

These requirements provided by

Chevron
Total
Repsol
Shell

Requirements

K8s diagnostic settings must be enabled and forwarded to Log Analytics
Azure AD should be enabled in Kubernetes Service
Cluster RBAC must be enabled in Kubernetes Service
Do not directly or indirectly grant cluster admin level access to developers
The latest version of Kubernetes should be used . Autoupdate daemon to be used
Ensure containers listen only on allowed ports
Do not allow privileged containers in AKS
Container build file must be auditable/visible
Allow Secrets Injection into containers

Edited Jun 02, 2020 by Paco Hope (AWS)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information