Kubernetes Compliance Mod
Run individual controls or full compliance benchmarks for
NSA and CISA Kubernetes Hardening Guidance and
CIS across all of your Kubernetes clusters.
Kubernetes also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.
NSA & CISA Cybersecurity Technical Report describes the complexities of securely managing Kubernetes an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.
CIS Kubernetes Benchmarks provide a predefined set of compliance and security best-practice checks for Kubernetes clusters.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
Steampipe Mods are collections of
named queries, and codified
controls that can be used to test current configuration of your cloud resources against a desired configuration.
Download and install Steampipe (https://steampipe.io/downloads). Or use Brew:
brew tap turbot/tapbrew install steampipe
Install the Kubernetes plugin with Steampipe:
steampipe plugin install kubernetes
git clone https://github.com/turbot/steampipe-mod-kubernetes-compliance.gitcd steampipe-mod-kubernetes-compliance
Start your dashboard server to get started:
By default, the dashboard interface will then be launched in a new browser window at https://localhost:9194. From here, you can run benchmarks by selecting one or searching for a specific one.
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the
steampipe check command:
Run all benchmarks:
steampipe check all
Run an single benchmark:
steampipe check benchmark.nsa_cisa_v1_network_hardening_cpu_limit
Run a specific control:
steampipe check control.daemonset_cpu_limit
Different output formats are also available, for more information please see Output Formats.
This mod uses the credentials configured in the Steampipe Kubernetes plugin.
No extra configuration is required.
If you have an idea for additional controls or just want to help maintain and extend this mod (or others) we would love you to join the community and start contributing.
- Join our Slack community → and hang out with other Mod developers.
Want to help but not sure where to start? Pick up one of the
help wanted issues: