HomeGitHubSign Up

C-0073 - Naked pods

Suggest Edits

Framework

AllControls, DevOpsBest

Severity

Low

Description of the the issue

It is not recommended to create pods without parental Deployment, ReplicaSet, StatefulSet etc.Manual creation if pods may lead to a configuration drifts and other untracked changes in the system. Such pods won't be automatically rescheduled by Kubernetes in case of a crash or infrastructure failure. This control identifies every pod that does not have corresponding parental object.

Related resources

Pod

What does this control test

Test if pods are not associated with Deployment, ReplicaSet etc. If not, fail.

Remediation

Create necessary Deployment object for every pod making any pod a first class citizen in your IaC architecture.

Example

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

Updated about 1 month ago