{"results":[{"id":"aks-api-server-guard-throttles-non-system","text":"The API Server Guard (`aks-managed-apiserver-guard`) is a FlowSchema and PriorityLevelConfiguration that throttles non-system client requests under high load while allowing system-critical calls (e.g., kubelet) to continue.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-api-server-guard-throttling","text":"The `aks-managed-apiserver-guard` FlowSchema is a last-resort throttling mechanism that throttles non-system client requests to protect the API server under high load; system-critical calls like kubelet continue normally.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-api-server-public-by-default","text":"The AKS API server is public by default; access can be restricted via authorized IP ranges or by creating a private cluster.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apiserver-guard-throttles-non-system","text":"The AKS API server guard (`aks-managed-apiserver-guard`) is a FlowSchema and PriorityLevelConfiguration that throttles non-system client requests under high load while allowing system-critical calls (e.g., kubelet) to continue.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apiserver-guard-throttling","text":"The aks-managed-apiserver-guard FlowSchema is a last-resort throttling mechanism that throttles non-system client requests to protect the API server under high load; system-critical calls (e.g., kubelet) continue normally.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apparmor-seccomp-container-restriction","text":"AKS supports AppArmor and seccomp profiles to restrict container actions following the principle of least privilege.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apparmor-seccomp-container-restrictions","text":"AKS supports AppArmor and seccomp profiles to restrict container actions following the least-privilege principle.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-azure-disk-readwriteonce","text":"Azure Disk volumes in AKS are mounted as ReadWriteOnce (single node); Azure Files supports ReadWriteMany (multi-node)","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-azure-disks-single-pod-files-multi-pod","text":"Azure Disks CSI provides single-pod access; Azure Files CSI provides multiple concurrent pod access.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-azure-files-smb-311-nfs-41","text":"Azure Files CSI driver supports SMB 3.1.1 and NFS 4.1 protocols, enabling multi-node and multi-pod concurrent access.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-bring-your-own-cni-supported","text":"AKS supports bring-your-own CNI for third-party networking plugins in addition to Azure-provided CNI options.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-cncf-certified","text":"AKS is a CNCF-certified conformant Kubernetes distribution.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-cncf-certified-conformance","text":"AKS is CNCF-certified, meaning it passes Kubernetes conformance testing.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-cncf-certified-kubernetes","text":"AKS is CNCF-certified, meaning it passes official Kubernetes conformance testing.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-compliance-soc-iso-pci-hipaa","text":"AKS is compliant with SOC, ISO, PCI DSS, and HIPAA standards.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-confidential-computing-hardware-tee","text":"AKS supports confidential computing nodes that run containers in hardware-based trusted execution environments (TEE).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-confidential-containers-sev-snp","text":"AKS Confidential Containers (preview) use Kata-based isolation with AMD SEV-SNP hardware memory encryption to prevent clear-text memory access.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-containerd-only-runtime","text":"containerd is the sole supported container runtime in AKS for Linux (Kubernetes 1.19+) and Windows (Kubernetes 1.23+).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-control-plane-free","text":"The AKS control plane is provided at no cost; users only pay for worker nodes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-control-plane-managed-by-azure","text":"The AKS control plane (kube-apiserver, etcd, kube-scheduler, kube-controller-manager, cloud-controller-manager) is fully managed by Azure; users manage only worker nodes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":120,"limit":20,"offset":0}