Ensure AKS cluster has Network Policy configured
Default Severity: high
Explanation
A Kubernetes NetworkPolicy object should be defined so that traffic to pods can be allowed or blocked. In a Kubernetes cluster configured with default settings, all pods can discover and communicate with each other without any restrictions.
Possible Impact
No network policy is protecting the AKS cluster
Suggested Resolution
Configure a network policy
Insecure Example
The following example will fail the azure-container-configured-network-policy check.
resource "azurerm_kubernetes_cluster" "bad_example" {
  network_profile {
  }
}
Secure Example
The following example will pass the azure-container-configured-network-policy check.
resource "azurerm_kubernetes_cluster" "good_example" {
  network_profile {
    network_policy = "calico"
  }
}
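Setting network_policy only turns on enforcement in the cluster; pods stay reachable from each other until NetworkPolicy objects select them. The following added example (not part of the check's own documentation) shows a default-deny policy plus one explicit allow rule, using the Terraform kubernetes provider. It assumes that provider is already configured against the cluster; the namespace "app", the labels and port 8080 are hypothetical.

```hcl
# Added example. Namespace, labels and port are hypothetical values.

# Deny all ingress to every pod in the namespace.
resource "kubernetes_network_policy" "default_deny_ingress" {
  metadata {
    name      = "default-deny-ingress"
    namespace = "app"
  }

  spec {
    pod_selector {} # empty selector matches all pods in the namespace
    policy_types = ["Ingress"] # no ingress rules listed, so nothing is allowed
  }
}

# Re-allow only frontend pods to reach api pods on TCP 8080.
resource "kubernetes_network_policy" "allow_frontend_to_api" {
  metadata {
    name      = "allow-frontend-to-api"
    namespace = "app"
  }

  spec {
    pod_selector {
      match_labels = { app = "api" }
    }
    policy_types = ["Ingress"]

    ingress {
      from {
        pod_selector {
          match_labels = { app = "frontend" }
        }
      }
      ports {
        port     = "8080"
        protocol = "TCP"
      }
    }
  }
}
```

Policies are additive, so the allow rule opens only the listed path while the default-deny policy keeps every other pod in the namespace isolated for ingress.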