Overview
Aks-1.7 cis bench mark 4.6.3 The default namespace should not be used Not working as expected is not working as expected, it shows warning by default even though default ns have the deployments
How did you run kube-bench?
Using sonobuoy aggregator
What happened?
Test showing warning instead of fail
What did you expect to happen:
Test 4.6.3 The default namespace should not be used Not working as expected should fail.
Environment
AKS version 1.32.1, RBAC enabled cluster
kube-bench version aks-1.7.0
What I suspect is kube-bench doesnt have the kubectl binary to perform this below logic.
id: 4.6.3
text: "The default namespace should not be used (Automated)"
audit: |
output=$(kubectl get all -n default --no-headers 2>/dev/null | grep -v '^service\s\+kubernetes\s' || true)
if [ -z "$output" ]; then echo "DEFAULT_NAMESPACE_UNUSED"; else echo "DEFAULT_NAMESPACE_IN_USE"; fi
Overview
Aks-1.7 cis bench mark 4.6.3 The default namespace should not be used Not working as expected is not working as expected, it shows warning by default even though default ns have the deployments
How did you run kube-bench?
Using sonobuoy aggregator
What happened?
Test showing warning instead of fail
What did you expect to happen:
Test 4.6.3 The default namespace should not be used Not working as expected should fail.
Environment
AKS version 1.32.1, RBAC enabled cluster
kube-bench version aks-1.7.0
What I suspect is kube-bench doesnt have the kubectl binary to perform this below logic.