Control: Pod Security Policy should prohibit hostPaths volumes

Description

The Pod Security Policy `allowedHostPaths` specifies a list of host paths that are allowed to be used by hostPath volumes. An empty list means there is no restriction on host paths used. This is defined as a list of objects with a single pathPrefix field, which allows hostPath volumes to mount a path that begins with an allowed prefix, and a readOnly field indicating it must be mounted read-only.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.pod_security_policy_allowed_host_path

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.pod_security_policy_allowed_host_path --share

SQL

This control uses a named query:

pod_security_policy_allowed_host_path

Control: Pod Security Policy should prohibit hostPaths volumes

Description

Usage

SQL

Tags