# Kubernetes Security & Compliance CloudQuery policy pack

Official Kubernetes security &amp; compliance policy pack for CloudQuery.

## Included Policies

- NSA and CISA Kubernetes Hardening Guidance v1.0

## Quick Start

### Prerequisite

1. [Install CloudQuery](https://docs.cloudquery.io/docs/getting-started)
2. [Install Kubernetes Provider](https://docs.cloudquery.io/docs/cli/fetch/overview)
3. [Fetch](https://hub.cloudquery.io/providers/cloudquery/k8s/latest)

### Running

```bash
# Describe what is available in the policy pack
cloudquery policy describe kubernetes

# Run the whole pack
cloudquery policy run kubernetes
```


Kubernetes Security & Compliance

Kubernetes Security & Compliance Policy Pack

control_plane_hardening

Ensure contorl plane hardening

cpu_limit

Enforce CPU resource limits

cpu_request

Containers CPU request

default_deny_network_policy

Enforce default deny network policy

memory_limit

Ensure memeory limits set

memory_request

Ensure memory requests set

network_hardening

Network Separation and Hardening

container_disallow_host_path

Disallow host path access

container_privilege_disabled

Verify containers have privileged access disabled

container_privilege_escalation_disabled

Container privileged escalation disabled

host_network_access_disabled

Host network access disabled

hostpid_hostipc_sharing_disabled

HostPID and HostIPC sharing disabled

immutable_container_filesystem

Containers root file system is read-only

non_root_container

Enforce containers to run as non-root

service_account_token_disabled

Automatic mapping of the service account tokens disabled

pod_security

Kubernetes Pod Security

nsa_cisa_v1

NSA and CISA Kubernetes Hardening Guidance v1.0