turbot/ibm_compliance

GitHub
Loading controls...

Control: 7.1.5 Ensure IBM Cloud Kubernetes Service cluster has image pull secrets enabled

Description

Image pull secrets are credentials that authorize your cluster to pull images from a private image registry. IBM Cloud Kubernetes Service integrates with IBM Cloud Container Registry and provides pull secrets for IBM Cloud Container Registry in the default Kubernetes namespace.

Remediation

From Console

  1. Log in to the IBM Cloud console at https://cloud.ibm.com/.
  2. To view a list of your resources, go to Menu > Resource List.
  3. From your IBM Cloud resource list, select your cluster.
  4. From the Overview tab, for Image pull secrets, click Enable.
  5. In the modal, click Enable to confirm.

From Command Line:

  1. Run the following command to create a service ID for the cluster and assign the service ID an IAM Reader service role for IBM Cloud Container Registry. The command also creates an API key to impersonate the service ID credentials and stores the API key in a Kubernetes image pull secret in the default namespace of the cluster.
ibmcloud ks cluster pull-secret apply --cluster <cluster_name_or_ID>

Usage

Run the control in your terminal:

steampipe check ibm_compliance.control.cis_v100_7_1_5

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share ibm_compliance.control.cis_v100_7_1_5

SQL

This control uses a named query:

manual_control

Tags