turbot/kubernetes_compliance

GitHub
config_map_default_namespace_usedcronjob_container_liveness_probecronjob_container_privilege_disabledcronjob_container_privilege_escalation_disabledcronjob_container_privilege_port_mappedcronjob_container_readiness_probecronjob_cpu_limitcronjob_cpu_requestcronjob_default_namespace_usedcronjob_default_seccomp_profile_enabledcronjob_host_network_access_disabledcronjob_hostpid_hostipc_sharing_disabledcronjob_immutable_container_filesystemcronjob_memory_limitcronjob_memory_requestcronjob_non_root_containerdaemonset_container_liveness_probedaemonset_container_privilege_disableddaemonset_container_privilege_escalation_disableddaemonset_container_privilege_port_mappeddaemonset_container_readiness_probedaemonset_cpu_limitdaemonset_cpu_requestdaemonset_default_namespace_useddaemonset_default_seccomp_profile_enableddaemonset_host_network_access_disableddaemonset_hostipc_sharing_disableddaemonset_hostpid_hostipc_sharing_disableddaemonset_hostpid_sharing_disableddaemonset_immutable_container_filesystemdaemonset_memory_limitdaemonset_memory_requestdaemonset_non_root_containerdeployment_container_liveness_probedeployment_container_privilege_disableddeployment_container_privilege_escalation_disableddeployment_container_privilege_port_mappeddeployment_container_readiness_probedeployment_cpu_limitdeployment_cpu_requestdeployment_default_namespace_useddeployment_default_seccomp_profile_enableddeployment_host_network_access_disableddeployment_hostipc_sharing_disableddeployment_hostpid_hostipc_sharing_disableddeployment_hostpid_sharing_disableddeployment_immutable_container_filesystemdeployment_memory_limitdeployment_memory_requestdeployment_non_root_containerdeployment_replica_minimum_3endpoint_api_serve_on_secure_portingress_default_namespace_usedjob_container_liveness_probejob_container_privilege_disabledjob_container_privilege_escalation_disabledjob_container_privilege_port_mappedjob_container_readiness_probejob_cpu_limitjob_cpu_requestjob_default_namespace_usedjob_default_seccomp_profile_enabledjob_host_network_access_disabledjob_hostipc_sharing_disabledjob_hostpid_hostipc_sharing_disabledjob_hostpid_sharing_disabledjob_immutable_container_filesystemjob_memory_limitjob_memory_requestjob_non_root_containernamespace_limit_range_default_cpu_limitnamespace_limit_range_default_cpu_requestnamespace_limit_range_default_memory_limitnamespace_limit_range_default_memory_requestnamespace_resource_quota_cpu_limitnamespace_resource_quota_cpu_requestnamespace_resource_quota_memory_limitnamespace_resource_quota_memory_requestnetwork_policy_default_deny_egressnetwork_policy_default_deny_ingressnetwork_policy_default_dont_allow_egressnetwork_policy_default_dont_allow_ingresspod_container_liveness_probepod_container_privilege_disabledpod_container_privilege_escalation_disabledpod_container_privilege_port_mappedpod_container_readiness_probepod_default_namespace_usedpod_default_seccomp_profile_enabledpod_host_network_access_disabledpod_hostipc_sharing_disabledpod_hostpid_hostipc_sharing_disabledpod_hostpid_sharing_disabledpod_immutable_container_filesystempod_non_root_containerpod_security_policy_allowed_host_pathpod_security_policy_container_privilege_disabledpod_security_policy_container_privilege_escalation_disabledpod_security_policy_default_seccomp_profile_enabledpod_security_policy_host_network_access_disabledpod_security_policy_hostipc_sharing_disabledpod_security_policy_hostpid_hostipc_sharing_disabledpod_security_policy_hostpid_sharing_disabledpod_security_policy_immutable_container_filesystempod_security_policy_non_root_containerpod_security_policy_security_services_hardeningpod_service_account_not_existpod_service_account_token_disabledpod_volume_host_pathreplicaset_container_liveness_probereplicaset_container_privilege_disabledreplicaset_container_privilege_escalation_disabledreplicaset_container_privilege_port_mappedreplicaset_container_readiness_probereplicaset_cpu_limitreplicaset_cpu_requestreplicaset_default_namespace_usedreplicaset_default_seccomp_profile_enabledreplicaset_host_network_access_disabledreplicaset_hostipc_sharing_disabledreplicaset_hostpid_hostipc_sharing_disabledreplicaset_hostpid_sharing_disabledreplicaset_immutable_container_filesystemreplicaset_memory_limitreplicaset_memory_requestreplicaset_non_root_containerreplication_controller_container_liveness_probereplication_controller_container_privilege_disabledreplication_controller_container_privilege_escalation_disabledreplication_controller_container_privilege_port_mappedreplication_controller_container_readiness_probereplication_controller_cpu_limitreplication_controller_cpu_requestreplication_controller_default_namespace_usedreplication_controller_default_seccomp_profile_enabledreplication_controller_host_network_access_disabledreplication_controller_hostipc_sharing_disabledreplication_controller_hostpid_hostipc_sharing_disabledreplication_controller_hostpid_sharing_disabledreplication_controller_immutable_container_filesystemreplication_controller_memory_limitreplication_controller_memory_requestreplication_controller_non_root_containerrole_binding_default_namespace_usedrole_default_namespace_usedsecret_default_namespace_usedservice_account_default_namespace_usedservice_account_token_disabledservice_default_namespace_usedservice_type_forbiddenstatefulset_container_liveness_probestatefulset_container_privilege_disabledstatefulset_container_privilege_escalation_disabledstatefulset_container_privilege_port_mappedstatefulset_container_readiness_probestatefulset_cpu_limitstatefulset_cpu_requeststatefulset_default_namespace_usedstatefulset_default_seccomp_profile_enabledstatefulset_host_network_access_disabledstatefulset_hostpid_hostipc_sharing_disabledstatefulset_immutable_container_filesystemstatefulset_memory_limitstatefulset_memory_requeststatefulset_non_root_container

Queries in Kubernetes Compliance

The Kubernetes Compliance mod includes 165 queries: