turbot/kubernetes_compliance

Kubernetes Compliance Mod

Run individual controls or full compliance benchmarks for NSA and CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters.

References

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

The NSA & CISA Cybersecurity Technical Report describes the complexities of securely managing Kubernetes, an open-source container-orchestration system used to automate deploying, scaling, and managing containerized applications.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Steampipe Mods are collections of named queries and codified controls that can be used to test the current configuration of your cloud resources against a desired configuration.

Documentation

Get started

Install the Kubernetes plugin with Steampipe:

steampipe plugin install kubernetes

Clone:

git clone https://github.com/turbot/steampipe-mod-kubernetes-compliance.git
cd steampipe-mod-kubernetes-compliance

Run all benchmarks:

steampipe check all

Run a single benchmark:

steampipe check benchmark.nsa_cisa_v1_network_hardening_cpu_limit

Run a specific control:

steampipe check control.daemonset_cpu_limit

Credentials

This mod uses the credentials configured in the Steampipe Kubernetes plugin.

Configuration

No extra configuration is required.

Get involved