turbot/steampipe-mod-kubernetes-compliance
Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Powerpipe and Steampipe.
https://hub.powerpipe.io/mods/turbot/kubernetes_compliance
Apache License 2.0
Add pod template controls. Closes #66 (#65)
Status: Closed
Subhajit97 closed 1 year ago
Subhajit97 commented 1 year ago
Controls
pod_template_container_privilege_escalation_disabled
pod_template_container_with_added_capabilities
pod_template_container_sys_admin_capability_disabled
pod_template_container_admission_control_plugin_no_always_admit
pod_template_container_admission_control_plugin_always_pull_images
pod_template_container_argument_api_server_anonymous_auth_disabled
pod_template_container_argument_audit_log_path_configured
pod_template_container_argument_audit_log_maxage_greater_than_30
pod_template_container_argument_audit_log_maxbackup_greater_than_10
pod_template_container_argument_audit_log_maxsize_greater_than_100
pod_template_container_argument_authorization_mode_node
pod_template_container_argument_authorization_mode_no_always_allow
pod_template_container_argument_authorization_mode_rbac
pod_template_container_no_argument_basic_auth_file
pod_template_container_encryption_providers_configured
pod_template_container_argument_etcd_cafile_configured
pod_template_container_argument_api_server_etcd_certfile_and_keyfile_configured
pod_template_container_no_argument_insecure_bind_address
pod_template_container_argument_insecure_port_0
pod_template_container_argument_kubelet_client_certificate_and_key_configured
pod_template_container_argument_kubelet_https_enabled
pod_template_cpu_limit
pod_template_cpu_request
pod_template_container_security_context_exists
pod_template_container_admission_capability_restricted
pod_template_container_image_pull_policy_always
pod_template_container_image_tag_specified
pod_template_container_argument_kubelet_anonymous_auth_disabled
pod_template_container_argument_event_qps_less_than_5
pod_template_container_rotate_certificate_enabled
pod_template_container_liveness_probe
pod_template_memory_limit
pod_template_memory_request
pod_template_container_capabilities_drop_all
pod_template_container_privilege_disabled
pod_template_immutable_container_filesystem
pod_template_container_readiness_probe
pod_template_container_argument_namespace_lifecycle_enabled
pod_template_container_argument_node_restriction_enabled
pod_template_container_argument_service_account_lookup_enabled
pod_template_container_token_auth_file_not_configured
pod_template_container_kubelet_certificate_authority_configured
pod_template_container_argument_etcd_auto_tls_disabled
pod_template_container_argument_etcd_client_cert_auth_enabled
pod_template_container_argument_kube_controller_manager_profiling_disabled
pod_template_container_argument_kube_controller_manager_root_ca_file_configured
pod_template_container_argument_kube_controller_manager_service_account_credentials_enabled
pod_template_container_argument_kube_controller_manager_service_account_private_key_file_configured
pod_template_container_argument_kubelet_authorization_mode_no_always_allow
pod_template_container_no_argument_hostname_override_configured
pod_template_container_argument_tls_cert_file_and_tls_private_key_file_configured
pod_template_container_argument_make_iptables_util_chains_enabled
pod_template_container_argument_protect_kernel_defaults_enabled
pod_template_container_argument_kubelet_read_only_port_0
pod_template_container_argument_bind_address_127_0_0_1
pod_template_container_argument_kube_scheduler_profiling_disabled
pod_template_container_argument_pod_security_policy_enabled
pod_template_container_argument_kube_apiserver_profiling_disabled
pod_template_container_argument_secure_port_not_0
pod_template_container_argument_service_account_key_file_appropriate
pod_template_container_argument_service_account_enabled
pod_template_container_argument_kube_controller_manager_bind_address_127_0_0_1
pod_template_container_kubelet_streaming_connection_idle_timeout_not_zero
pod_template_container_kubernetes_dashboard_not_deployed
pod_template_container_argument_etcd_peer_certfile_and_peer_keyfile_configured
pod_template_container_argument_etcd_certfile_and_keyfile_configured
pod_template_container_argument_api_server_tls_cert_file_and_tls_private_key_file_configured
pod_template_container_argument_rotate_kubelet_server_certificate_enabled
pod_template_container_strong_kubelet_cryptographic_ciphers
pod_template_container_strong_kube_apiserver_cryptographic_ciphers
pod_template_container_argument_security_context_deny_enabled
pod_template_container_argument_kubelet_client_ca_file_configured
pod_template_container_argument_kubelet_terminated_pod_gc_threshold_configured