Assess Kubernetes Security with cnspec
cnspec assesses your full Kubernetes environment for misconfigurations that put your organization at risk. You can scan your Kubernetes clusters for compliance with security policies created by Mondoo or the community, or create your own policies. You can also write individual tests to run on the fly or include in automated tasks.
You can also scan Kubernetes manifests to catch misconfigurations. Integrating manifest scanning in your development process can eliminate risks before they reach production.
For a list of Kubernetes resources you can test, read Mondoo Kubernetes (k8s) Resource Pack Reference and Mondoo Core Resource Pack Reference.
Connect cnspec with your Kubernetes environment
Requirements
To test your Kubernetes environment with cnspec, you must have:
- cnspec installed on your workstation.
- kubectl installed on your workstation. To ensure that kubectl is successfully installed and you can access your Kubernetes infrastructure, run `kubectl describe nodes`.
Verify with a quick Kubernetes check
To quickly confirm that cnspec has access to your Kubernetes environment, run this check from your terminal:
cnspec run k8s -c 'k8s.deployment.uid != "foo"'
This asserts that none of your deployments has the UID `foo`. cnspec returns a report listing your deployments by UID. For each, it indicates whether the deployment meets the requirement (UID is not `foo`):
[passed] k8s.deployment.uid != "foo"
[ok] value: "057e7351-5738-4d3b-bd5f-46d86403c563"
[ok] value: "8038b1f4-020d-4f3f-a1da-8ec86044b9d7"
[ok] value: "aadd280e-4498-4071-8fd0-1fad781a2d07"
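To include a check like this in an automated task, the report can be turned into a pass/fail gate that fails closed. The following is an added example, not part of the original page or of cnspec itself: the function name `gate_report` is hypothetical, it parses only the text report format shown above, and the `[failed]` marker is an assumption because the page shows only `[passed]` and `[ok]` lines.

```shell
#!/bin/sh
# Added example: fail-closed gate over the text report of `cnspec run`.
# Reads a report on stdin, prints "ok=<n> failed=<n>", and returns 0 only if
#   - the summary line is [passed],
#   - at least one value was evaluated (an empty report is not a pass), and
#   - no value is marked [failed] (assumed marker, not shown on the page).
gate_report() {
  awk '
    /^\[passed\]/               { summary = "passed"; next }
    /^\[failed\]/ && !/value:/  { summary = "failed"; next }
    /^[ \t]*\[ok\] value:/      { ok++ }
    /^[ \t]*\[failed\] value:/  { bad++ }
    END {
      printf "ok=%d failed=%d\n", ok, bad
      if (summary != "passed" || ok == 0 || bad > 0) exit 1
    }'
}

# Sample report copied from the output shown on this page.
SAMPLE_PASS='[passed] k8s.deployment.uid != "foo"
[ok] value: "057e7351-5738-4d3b-bd5f-46d86403c563"
[ok] value: "8038b1f4-020d-4f3f-a1da-8ec86044b9d7"
[ok] value: "aadd280e-4498-4071-8fd0-1fad781a2d07"'

# Constructed failing report (format assumed, values made up).
SAMPLE_FAIL='[failed] k8s.deployment.uid != "foo"
[ok] value: "00000000-0000-0000-0000-000000000001"
[failed] value: "foo"'

# Against a real cluster (needs cnspec and cluster access):
#   cnspec run k8s -c 'k8s.deployment.uid != "foo"' | gate_report

printf '%s\n' "$SAMPLE_PASS" | gate_report
printf '%s\n' "$SAMPLE_FAIL" | gate_report || echo "gate: check failed"
# No output from the scan (no access, no deployments) must not count as a pass.
printf '' | gate_report || echo "gate: empty report, failing closed"
```

Treating an empty report as a failure keeps a lost cluster connection or an expired kubeconfig from being recorded as a clean result.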
Next step
You've successfully used cnspec to run your first check against your Kubernetes infrastructure. Now you're ready to explore more Kubernetes information.