Disabling creation of secrets in an AKS Cluster? #4288
Unanswered
johnpetersjr asked this question in Q&A
Replies: 0 comments
Hi all,
I'd like to try using an Azure Policy to enforce users to not store / use secrets in their namespaces. Has anyone tried this before?
I have given the users a way to seamlessly connect to an Azure Vault from their pods using managed identities, so they can get secrets directly from there. My security team would like to see no one using a Kubernetes Secret ever again, if possible, hence my thought of disabling AKS secrets...
I was thinking along the lines of this built-in policy ContainerDisallowedCapabilities to essentially white-list things like nginx or kube-system in case they really need to use secrets, but then block all other namespaces from the 'capability' of using secrets.
Is this possible? Or is there a different/better way to do this?
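An added example, not from the discussion or from Azure's built-in policy set: since the Azure Policy add-on for AKS is built on OPA Gatekeeper, the admission rule the question describes can be written as a Gatekeeper ConstraintTemplate that rejects Secret objects outside an allowlist of namespaces, which targets the Secret resource itself rather than Linux container capabilities. It assumes Gatekeeper is running in the cluster and that the template, constraint and namespace names are illustrative; start in dryrun and inspect the audit violations before switching to deny.

```yaml
# Added example (not the discussion's or Azure's own policy); assumes Gatekeeper
# v3 is installed. Denies Secret create/update outside allowlisted namespaces.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdenysecretsoutsideallowlist
spec:
  crd:
    spec:
      names:
        kind: K8sDenySecretsOutsideAllowlist
      validation:
        openAPIV3Schema:
          type: object
          properties:
            allowedNamespaces:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdenysecretsoutsideallowlist

        # A violation is raised for any core-group Secret whose namespace is
        # not listed in the constraint's allowedNamespaces parameter.
        violation[{"msg": msg}] {
          input.review.kind.group == ""
          input.review.kind.kind == "Secret"
          ns := input.review.namespace
          not allowed(ns)
          msg := sprintf("Kubernetes Secrets are not permitted in namespace %q; use the Key Vault integration instead", [ns])
        }

        allowed(ns) {
          input.parameters.allowedNamespaces[_] == ns
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDenySecretsOutsideAllowlist
metadata:
  name: deny-secrets-outside-allowlist
spec:
  enforcementAction: dryrun   # change to "deny" once the audit report is clean
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Secret"]
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  parameters:
    allowedNamespaces: ["ingress-nginx"]   # illustrative allowlist
```

Expect the dryrun audit to flag Secrets you did not know about: Helm 3 stores release state as Secrets in the release namespace, and ingress TLS and cert-manager material are Secrets too, so those namespaces need to be on the allowlist before enforcing.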