Allowing users and administrators to schedule containers on all nodes must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>MKE and MSR are set to disallow administrators and users to schedule containers. This setting must be checked for allowing administrators or users to schedule containers may override essential settings, and therefore is not permitted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260917r966108_rule
Severity: Medium
References: CCI-000381
Updated: 19 days ago

Set MKE and MSR to disallow administrators and users to schedule containers.

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Orchestration. Scroll to down "Container Scheduling".

Disable the "Allow administrators to deploy containers on MKE managers or nodes running MSR".
Disable "Allow users to schedule on all nodes, including MKE managers and MSR nodes" options.

Click "Save".

Allowing users and administrators to schedule containers on all nodes must be disabled.

Description

Remediation - Manual Procedure