-
Bug
-
Resolution: Not a Bug
-
Normal
-
None
-
4.8.z
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
Set a Value
-
If Release Note Needed, Set a Value
-
None
-
None
-
None
-
None
-
None
Description of problem:
ocp4-cis-general-default-namespace-use rule is not clear, customer requires to justify if the cluster is compliance or not, at first sight seems like this rule could be automated. As per description: " Kubernetes provides a default namespace, where objects are placed if no namespace is specified for them. Placing objects in this namespace makes application of RBAC and other controls more difficult" and Rationale statement: "Resources in a Kubernetes cluster should be segregated by namespace, to allow for security controls to be applied at that level and to make it easier to manage resources." Which specific resources should be verify on default namespace that oc cli could not report?
Version-Release number of selected component (if applicable):
CO 1.53
How reproducible:
always
Steps to Reproduce:
1. verify compliance check results 2. 3.
Actual results:
is a manual rule but not clear how to justify that cluster is compliance
Expected results:
clarify how to justify that cluster is compliance
Additional info:
