This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dgoldhar
Employee Alumnus
Employee Alumnus
‎2020-05-25 11:10 PM

New Kubernetes RBAC services supported by CloudGuard Dome9

CloudGuard Dome9 now supports these Kubernetes services to manage RBAC. They can appear in GSL queries to evaluate them for compliance posture.

The KubernetesRole service defines RBAC roles for a Kubernetes cluster. These roles can be assigned to services or users to regulate their access to resources.


Sample GSL Rule: Minimize use of wildcards in role definitions
GSL: KubernetesRole should not have rules contain [ (resources with [$ regexMatch /.*\*.*/]) or (apiGroups with [$ regexMatch /.*\*.*/]) or (verbs with [$ regexMatch /.*\*.*/])]

 

The KubernetesRoleBinding service binds an RBAC role to specific Kubernetes services or users.

Sample GSL Rule: Limit cluster role binding to a specific authorized user
GSL: KubernetesRoleBinding  where kind='ClusterRoleBinding' should have subjects with [ name='Mark' ]

0 Kudos
0 Replies
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events