Shopify / kubeaudit

kubeaudit helps you audit your Kubernetes clusters against common security controls
MIT License

add more resources policies to limits auditor #508

Open dani-santos-code opened 1 year ago

dani-santos-code commented 1 year ago

NSA's K8s hardening guidelines mention LimitRanges, ResourceQuotas, and Process ID on page 24 as something that can be set to harden k8s clusters.

Limits restrict resource usage for namespaces, nodes, or Pods. These policies are important to reserve compute and storage space for a resource and avoid resource exhaustion.

It'd be nice to have the limits auditor also flag when those policies are not set. Alternatively, we can create a new resources policies auditor?

ISSUE TYPE

FEATURE IDEA

Proposal:

1 This is the quickest way to get a new feature! We reserve the right to close feature requests, even ones we like, if the proposer does not intend to contribute to the feature and it doesn't fit in our current roadmap.
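
A sketch of the check this issue asks for, as an added example and not kubeaudit code: it reports which namespaces have no LimitRange or no ResourceQuota (process ID limits are not covered). The function name, the sample data and the input shape are assumptions; the input is a JSON `List` such as `kubectl get namespaces,limitranges,resourcequotas --all-namespaces -o json` produces.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample shaped like a Kubernetes v1 List; not real cluster output.
const sampleList = `{"kind":"List","items":[
 {"kind":"Namespace","metadata":{"name":"payments"}},
 {"kind":"Namespace","metadata":{"name":"web"}}, {"kind":"Namespace","metadata":{"name":"batch"}},
 {"kind":"LimitRange","metadata":{"name":"defaults","namespace":"payments"}},
 {"kind":"ResourceQuota","metadata":{"name":"quota","namespace":"payments"}},
 {"kind":"LimitRange","metadata":{"name":"defaults","namespace":"web"}}]}`

type object struct {
	Kind     string
	Metadata struct{ Name, Namespace string }
}

// MissingPolicies maps each namespace to the policy kinds it has no object for.
func MissingPolicies(listJSON []byte) (map[string][]string, error) {
	var list struct{ Items []object }
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, err
	}
	namespaces, present := map[string]bool{}, map[[2]string]bool{}
	for _, o := range list.Items {
		switch o.Kind {
		case "Namespace": // cluster-scoped, so the namespace is the object's own name
			namespaces[o.Metadata.Name] = true
		case "LimitRange", "ResourceQuota":
			namespaces[o.Metadata.Namespace] = true
			present[[2]string{o.Metadata.Namespace, o.Kind}] = true
		}
	}
	missing := map[string][]string{}
	for ns := range namespaces {
		for _, kind := range []string{"LimitRange", "ResourceQuota"} {
			if !present[[2]string{ns, kind}] {
				missing[ns] = append(missing[ns], kind)
			}
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(MissingPolicies([]byte(sampleList))) // fmt prints map keys sorted
}
```

Namespaces that carry both policy kinds are left out of the result, so an empty map means every namespace in the input is covered.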