File: rule.yml

scap-security-guide 0.1.79-1
  • area: main
  • in suites: forky, sid
  • size: 114,704 kB
  • sloc: xml: 244,677; sh: 84,647; python: 33,203; makefile: 27
documentation_complete: true


title: 'Create administrative boundaries between resources using namespaces'

description: |-
   Use namespaces to isolate your Kubernetes objects.

rationale: |-
   Limiting the scope of user permissions can reduce the impact of mistakes or
   malicious activities. A Kubernetes namespace allows you to partition created
   resources into logically named groups. Resources created in one namespace can
   be hidden from other namespaces. By default, each resource created by a user
   in a Kubernetes cluster runs in a default namespace, called default. You can
   create additional namespaces and attach resources and users to them. You can
   use Kubernetes Authorization plugins to create policies that segregate access
   to namespace resources between different users.

severity: medium

ocil_clause: 'Namespace usage needs review'

ocil: |-
    OpenShift projects wrap Kubernetes namespaces and are used by default in
    OpenShift 4.  Run the following command and review the namespaces created in
    the cluster.  <pre>$ oc get namespaces</pre> Ensure that the namespaces are
    the ones you need and are adequately administered.

references:
    cis@ocp4: 5.7.1
    nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
    nist: CM-6,CM-6(1)
    pcidss: Req-2.2
    srg: SRG-APP-000516-CTR-001325