Story
Resolution: Done
Medium
Policy 08/02/22-01/03/22, Policy 02/03/22-16/03/22, Policy 16/03/22-30/03/22
The Kubernetes participant should not allow installation of Helm charts from unauthorized Helm repositories. A validation mechanism needs to be implemented to authenticate Helm repositories or Helm charts before proceeding with deployment.
Solution agreed with SECCOM:
- The K8s participant should be restricted to consuming charts only from HTTPS-enabled repositories.
- Before deployment, the K8s participant should check the chart's repository against a list of approved Helm repositories (whitelist) provided from a trusted input.
- The REST endpoints on the K8s participant should be removed due to security concerns; invocation via CLAMP only should be allowed.
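One way to implement the first two points of the agreed solution, as an added example (this is not code from the ONAP K8s participant, which is written in Java; the allowlist contents, host names and function names are constructed for illustration). The check refuses anything that is not https, refuses URLs carrying user-info (so `https://trusted.example@evil.example/` cannot pass as the trusted host), and compares host, port and path of the candidate against the normalised allowlist exactly rather than by substring:

```python
"""Validate a Helm chart repository against the agreed policy: https only,
and the repository must appear on an operator-supplied allowlist.

Added example; not code from the ONAP K8s participant. The allowlist
contents and host names below are constructed for illustration.
"""
import posixpath
from typing import List, Tuple
from urllib.parse import urlsplit

Repo = Tuple[str, int, str]  # (host, port, path)


class RepoValidationError(ValueError):
    """Raised when a chart repository URL fails the policy check."""


def normalize_repo(url: str) -> Repo:
    """Return (host, port, path) for a repo URL, or raise if it is not https.

    Normalisation makes the allowlist comparison exact: scheme and host are
    case-folded, the default port is filled in, and '.'/'..' segments and
    trailing slashes are collapsed, so 'https://h/stable/../private' is
    compared as '/private', not as something under '/stable'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        # Policy point 1: http (and any other scheme, e.g. oci://) is refused.
        raise RepoValidationError(f"scheme {parts.scheme!r} is not https: {url}")
    if parts.username is not None or parts.password is not None:
        # 'https://trusted.example@evil.example/' has hostname evil.example;
        # refuse user-info outright rather than risk matching the wrong part.
        raise RepoValidationError(f"credentials in repo URL are not allowed: {url}")
    host = parts.hostname  # urlsplit already lower-cases this
    if not host:
        raise RepoValidationError(f"missing host: {url}")
    try:
        port = parts.port or 443
    except ValueError as exc:  # non-numeric port
        raise RepoValidationError(f"bad port in repo URL: {url}") from exc
    path = posixpath.normpath(parts.path) if parts.path else "/"
    return host, port, path


def load_allowlist(text: str) -> List[Repo]:
    """Parse the trusted input: one https repo URL per line, blank lines and
    '#' comments ignored. Entries go through the same normalisation as
    candidates, so a non-https entry is reported as a configuration error."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            entries.append(normalize_repo(line))
        except RepoValidationError as exc:
            raise RepoValidationError(f"allowlist line {lineno}: {exc}") from exc
    return entries


def path_within(candidate: str, allowed: str) -> bool:
    """True if the candidate path is the allowed path or lies beneath it."""
    if allowed == "/":
        return True
    return candidate == allowed or candidate.startswith(allowed + "/")


def check_repo(url: str, allowlist: List[Repo]) -> Repo:
    """Apply both policy points; return the normalised repo on success."""
    host, port, path = normalize_repo(url)
    for a_host, a_port, a_path in allowlist:
        # Exact host and port match: 'charts.example.org.attacker.net' must
        # not match an entry for 'charts.example.org'.
        if host == a_host and port == a_port and path_within(path, a_path):
            return host, port, path
    raise RepoValidationError(f"repo not on the approved list: {url}")


def is_repo_allowed(url: str, allowlist: List[Repo]) -> bool:
    try:
        check_repo(url, allowlist)
        return True
    except RepoValidationError:
        return False


# Constructed allowlist standing in for the trusted input (for example a
# file shipped with the participant's configuration); hosts are illustrative.
APPROVED_REPOS = """
# approved Helm repositories, one per line
https://charts.example.org/stable
https://nexus3.internal.example:8443/repository/helm-hosted/
"""

ALLOWLIST = load_allowlist(APPROVED_REPOS)

if __name__ == "__main__":
    for candidate in [
        "https://charts.example.org/stable/",
        "http://charts.example.org/stable",
        "https://charts.example.org.attacker.net/stable",
        "https://charts.example.org@attacker.net/stable",
        "https://charts.example.org/stable/../private",
        "https://charts.example.org:8443/stable",
        "https://nexus3.internal.example:8443/repository/helm-hosted/onap",
    ]:
        verdict = "ALLOW" if is_repo_allowed(candidate, ALLOWLIST) else "DENY"
        print(f"{verdict:5} {candidate}")
```

The participant would call `check_repo` on the repository URL taken from the chart specification before running `helm repo add` / `helm install`, and surface the `RepoValidationError` message as the deployment failure reason. Loading the allowlist through the same normaliser means an operator cannot accidentally approve an http repository in the trusted input either.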