Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Containers/ Best Practices
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
- Snyk IDSNYK-CC-00472
- creditSnyk Research Team
Description
Increases attack vectors of kubernetes cluster.
How to fix?
Set properties.addonProfiles.omsagent.enabled attribute to true.
Set addon_profile.kube_dashboard attribute to false.
Example Configuration
resource "azurerm_kubernetes_cluster" "allowed" {
name = "example-aks1"
location = azurerm_resource_group.example472.location
resource_group_name = azurerm_resource_group.example472.name
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Production"
}
kubernetes_version = "1.24"
addon_profile {
kube_dashboard {
enabled = false
}
}
}