STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Mirantis Kubernetes Engine Security Technical Implementation Guide

V-260917

CAT II (Medium)

Allowing users and administrators to schedule containers on all nodes must be disabled.

Rule ID

SV-260917r966108_rule

STIG

Mirantis Kubernetes Engine Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000381

Discussion

MKE and MSR are set to disallow administrators and users to schedule containers. This setting must be checked for allowing administrators or users to schedule containers may override essential settings, and therefore is not permitted.

Check Content

To ensure this setting has not been modified follow these steps on each node:

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Orchestration. Scroll to down "Container Scheduling".

Verify that the "Allow administrators to deploy containers on MKE managers or nodes running MSR" is disabled. If it is checked (enabled), this is a finding.

Verify that the "Allow users to schedule on all nodes, including MKE managers and MSR nodes" is disabled. If it is checked (enabled), this is a finding.

Fix Text

Set MKE and MSR to disallow administrators and users to schedule containers.

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Orchestration. Scroll to down "Container Scheduling".

Disable the "Allow administrators to deploy containers on MKE managers or nodes running MSR".

Disable "Allow users to schedule on all nodes, including MKE managers and MSR nodes" options.

Click "Save".