Dome9 support for Azure Kubernetes Service (AKS)
Dome9 now supports Azure Kubernetes Service (AKS), an open-source, fully managed container orchestration service. AKS helps with provisioning, scaling, and upgrading resources on demand, without any downtime in the Kubernetes cluster.
As part of our Cloud Security Posture Management and Compliance module, you can now evaluate the security of AKS using GSL rules such as the following:
Ensure that the pod security policy is enabled in your AKS cluster
GSL: AksCluster should have properties.enablePodSecurityPolicy=true
Ensure that you are using authorized IP address ranges in order to secure access to the API server
GSL: AksCluster should not have properties.apiServerAccessProfile.authorizedIPRanges isEmpty()
Ensure that a network policy is in place to secure traffic between pods
GSL: AksCluster should not have properties.networkProfile.networkPolicy isEmpty()
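The same three checks can be run locally against a cluster document for a quick comparison. This Python sketch is an added example, not Dome9 or GSL code. It assumes the document has the ARM shape with a top-level properties object and treats isEmpty() as true for a missing, null or empty value; the helper names and sample documents are constructed.

```python
# Added example: mirrors the three GSL rules above against ARM-shaped cluster JSON.
# Assumption: isEmpty() is treated as true for a missing key, null, "", [] or {}.

def get_path(doc, dotted):
    """Walk a dotted path; return None if any segment is missing or not a dict."""
    cur = doc
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def is_empty(value):
    return value is None or value == "" or value == [] or value == {}

CHECKS = {
    "pod_security_policy_enabled":
        lambda c: get_path(c, "properties.enablePodSecurityPolicy") is True,
    "api_server_authorized_ip_ranges_set":
        lambda c: not is_empty(
            get_path(c, "properties.apiServerAccessProfile.authorizedIPRanges")),
    "network_policy_set":
        lambda c: not is_empty(
            get_path(c, "properties.networkProfile.networkPolicy")),
}

def evaluate(cluster):
    """Return {check_name: passed} for one cluster document."""
    return {name: check(cluster) for name, check in CHECKS.items()}

def failed_checks(cluster):
    """Return the sorted names of the checks this cluster does not pass."""
    return sorted(name for name, ok in evaluate(cluster).items() if not ok)

# Constructed sample documents (not real clusters).
HARDENED = {"name": "aks-hardened-sample", "properties": {
    "enablePodSecurityPolicy": True,
    "apiServerAccessProfile": {"authorizedIPRanges": ["203.0.113.0/24"]},
    "networkProfile": {"networkPolicy": "calico"}}}
DEFAULTS = {"name": "aks-defaults-sample", "properties": {
    "enablePodSecurityPolicy": False,
    "apiServerAccessProfile": None,          # profile never configured
    "networkProfile": {"networkPlugin": "kubenet"}}}  # no networkPolicy key

if __name__ == "__main__":
    for cluster in (HARDENED, DEFAULTS):
        print(cluster["name"], failed_checks(cluster) or "all checks passed")
```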