Security information
Mirantis has begun an initiative to align MKE with CIS Benchmarks, where pertinent. The following table details the CIS Benchmark resolutions and improvements that are introduced in MKE 3.5.11:
| CIS Benchmark type/version | Recommendation | Ticket | Resolution/Improvement |
|---|---|---|---|
| Kubernetes 1.7 | 1.1.17 | MKE-9906 | The permission for |
| Kubernetes 1.7 | 1.3.7 | MKE-9904 | The --address argument is set to 127.0.0.1 in |
| Kubernetes 1.7 | 5.1.6 | MKE-9921 | The use of service account tokens is restricted, allowing for mounting only where necessary in MKE system namespaces. |
| Kubernetes 1.7 | 5.2.8 | MKE-9924 | NET_RAW capability has been removed from all unprivileged system containers. |
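
The following Python check is an added example, not part of MKE or any Mirantis tooling; it shows how the 5.1.6 and 5.2.8 rows can be verified against pod manifests. The pod dictionaries and their names are constructed sample data, and the check assumes the container runtime's default capability set includes NET_RAW, so a container that does not drop it keeps it.

```python
# Added example: audit pod manifests (as dicts) for CIS 5.1.6 and 5.2.8.
# SAMPLE_PODS is constructed input, not output from an MKE cluster.

def _caps(values):
    """Normalise capability names: upper-case, without a CAP_ prefix."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def keeps_net_raw(container):
    """True if an unprivileged container still holds NET_RAW."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged"):
        return False  # the 5.2.8 row covers unprivileged containers only
    caps = sc.get("capabilities") or {}
    dropped, added = _caps(caps.get("drop")), _caps(caps.get("add"))
    if {"NET_RAW", "ALL"} & added:
        return True   # an explicit add survives a drop of ALL
    # Assumption: the runtime grants NET_RAW by default unless it is dropped.
    return not ({"NET_RAW", "ALL"} & dropped)

def audit_pod(pod):
    """Return (pod_name, finding) tuples for one pod manifest."""
    name, spec = pod["metadata"]["name"], pod["spec"]
    findings = []
    # 5.1.6: an unset value defers to the ServiceAccount, so flag it for review.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append((name, "5.1.6: service account token may be mounted"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if keeps_net_raw(c):
            findings.append((name, f"5.2.8: container {c['name']} keeps NET_RAW"))
    return findings

SAMPLE_PODS = [
    {"metadata": {"name": "sample-hardened"},
     "spec": {"automountServiceAccountToken": False,
              "containers": [{"name": "app", "securityContext": {
                  "capabilities": {"drop": ["ALL"]}}}]}},
    {"metadata": {"name": "sample-default"},
     "spec": {"containers": [{"name": "app"}]}},
    {"metadata": {"name": "sample-readd"},
     "spec": {"automountServiceAccountToken": False,
              "containers": [{"name": "net", "securityContext": {
                  "capabilities": {"drop": ["ALL"], "add": ["NET_RAW"]}}}]}},
]

if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        for name, finding in audit_pod(pod):
            print(f"{name}: {finding}")
```

A 5.1.6 finding is a prompt to confirm the workload needs API access, since the benchmark permits mounting where necessary.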