OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Docker Security #1340

Closed rtvkiz closed 4 months ago

rtvkiz commented 4 months ago

What is missing or needs to be updated?

In the Docker Security Cheatsheet, RULE #3 - Limit capabilities, when discussing the configuration of Kubernetes Security, at the end it is specified that an administrator can configure 'Pod Security Policies'. But the issue is that 'Pod Security Policies' have been deprecated by Kubernetes and removed from the latest version - "PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25." https://kubernetes.io/docs/concepts/security/pod-security-policy/

How should this be resolved?

We need to update the document to remove that line and either specify the following alternative: you can enforce similar restrictions on Pods using either or both:

- Pod Security Admission
- a 3rd party admission plugin, that you deploy and configure yourself

As per the document.

otkd commented 4 months ago

Resolved in #1350 and can be closed