dgoldhar
Employee Alumnus

New Kubernetes RBAC services supported by CloudGuard Dome9

CloudGuard Dome9 now supports the following Kubernetes services for managing RBAC. Both can be referenced in GSL queries to evaluate a cluster's compliance posture.

The KubernetesRole service represents the RBAC roles (Role and ClusterRole objects) defined in a Kubernetes cluster. A role is a list of rules, each naming API groups, resources and verbs; roles are granted to service accounts or users through bindings to regulate their access to those resources.


Sample GSL Rule: Minimize use of wildcards in role definitions
GSL: KubernetesRole should not have rules contain [ (resources with [$ regexMatch /.*\*.*/]) or (apiGroups with [$ regexMatch /.*\*.*/]) or (verbs with [$ regexMatch /.*\*.*/])]


The KubernetesRoleBinding service represents the bindings (RoleBinding and ClusterRoleBinding objects) that grant an RBAC role to specific Kubernetes service accounts or users, listed as the binding's subjects.

Sample GSL Rule: Limit cluster role binding to a specific authorized user
GSL: KubernetesRoleBinding where kind='ClusterRoleBinding' should have subjects with [ name='Mark' ]
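To see what the two GSL rules above actually flag, here is an offline equivalent of both checks written for this post; it is an added example, not CloudGuard Dome9 or Check Point code, and the GSL engine itself is not involved. It runs the same logic against RBAC objects in the JSON layout that `kubectl get roles,clusterroles,clusterrolebindings -A -o json` returns, so its findings can be compared with what Dome9 reports. The sample objects at the bottom are constructed for the example. Two deliberate differences from the page's rules: Kubernetes' own bootstrap roles (cluster-admin and friends, labelled `kubernetes.io/bootstrapping=rbac-defaults`) are skipped because they legitimately use wildcards, and the binding check is stricter than the page's GSL, which passes as soon as one subject is the authorised user; here every subject of a ClusterRoleBinding must be on the allow-list, so an extra ServiceAccount or Group bound beside the authorised user is reported rather than hidden. The allow-list of (kind, name) pairs is an assumption of this example.

```python
"""Offline approximation of the two GSL rules above (added example, not
CloudGuard Dome9 code). Input is the JSON shape produced by
`kubectl get roles,clusterroles,clusterrolebindings -A -o json`.
"""
from __future__ import annotations

import json
import re

# Same regular expression the GSL rule uses: any value containing a '*'.
WILDCARD = re.compile(r".*\*.*")

# Kubernetes ships wildcard-bearing roles (cluster-admin etc.) and labels
# them; reporting those only produces noise, so they are skipped.
BOOTSTRAP_LABEL = "kubernetes.io/bootstrapping"


def is_bootstrap(obj: dict) -> bool:
    labels = obj.get("metadata", {}).get("labels") or {}
    return labels.get(BOOTSTRAP_LABEL) == "rbac-defaults"


def role_wildcards(role: dict) -> list[str]:
    """Findings for 'KubernetesRole should not have rules contain [...]'.

    Works for both Role and ClusterRole; one finding per offending field.
    """
    if role.get("kind") not in ("Role", "ClusterRole") or is_bootstrap(role):
        return []
    name = role["metadata"]["name"]
    findings = []
    for idx, rule in enumerate(role.get("rules") or []):
        for field in ("apiGroups", "resources", "verbs"):
            for value in rule.get(field) or []:
                if WILDCARD.match(value):
                    findings.append(f"{name}: rules[{idx}].{field} contains {value!r}")
    return findings


def binding_unauthorized_subjects(binding: dict, allowed: set[tuple[str, str]]) -> list[str]:
    """Stricter form of the ClusterRoleBinding rule: every subject of the
    binding must be in `allowed`, a set of (kind, name) pairs (assumed
    allow-list for this example). Returns one finding per extra subject."""
    if binding.get("kind") != "ClusterRoleBinding" or is_bootstrap(binding):
        return []
    name = binding["metadata"]["name"]
    return [
        f"{name}: {s.get('kind')} {s.get('name')!r} is not an authorised subject"
        for s in binding.get("subjects") or []
        if (s.get("kind"), s.get("name")) not in allowed
    ]


def audit(objects: list[dict], allowed: set[tuple[str, str]]) -> list[str]:
    """Run both checks over a mixed list of RBAC objects."""
    out: list[str] = []
    for obj in objects:
        out += role_wildcards(obj)
        out += binding_unauthorized_subjects(obj, allowed)
    return out


# Constructed sample objects in kubectl's JSON layout (not real cluster data).
SAMPLE_JSON = json.dumps([
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "too-broad"},
     "rules": [{"apiGroups": ["*"], "resources": ["secrets"], "verbs": ["get", "*"]}]},
    {"kind": "ClusterRole",
     "metadata": {"name": "cluster-admin",
                  "labels": {"kubernetes.io/bootstrapping": "rbac-defaults"}},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "Mark"},
                  {"kind": "ServiceAccount", "name": "default", "namespace": "kube-system"}]},
])
SAMPLE_OBJECTS = json.loads(SAMPLE_JSON)
AUTHORISED = {("User", "Mark")}  # assumed allow-list; the page's rule names only 'Mark'

if __name__ == "__main__":
    for finding in audit(SAMPLE_OBJECTS, AUTHORISED):
        print(finding)
```

On the constructed sample this reports the `*` in `too-broad`'s apiGroups and verbs and the kube-system ServiceAccount riding along in `ops-admin`, while `pod-reader` and the bootstrap `cluster-admin` role are clean. Note that the core API group appears as the empty string `""` in rules, which the wildcard pattern correctly ignores.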
