cnspec assesses your full Kubernetes environment for misconfigurations that put your organization at risk. You can scan your Kubernetes clusters for compliance with security policies created by Mondoo or the community, or create your own policies. You can also write individual tests to run on the fly or include in automated tasks.
You can also scan Kubernetes manifests to catch misconfigurations. Integrating manifest scanning in your development process can eliminate risks before they reach production.
Connect cnspec with your Kubernetes environment
To test your Kubernetes environment with cnspec, you must have:
- cnspec installed on your workstation.
- kubectl installed on your workstation. To ensure that kubectl is successfully installed and you can access your Kubernetes infrastructure, run kubectl describe nodes.
Verify with a quick Kubernetes check
To quickly confirm that cnspec has access to your Kubernetes environment, run this check from your terminal:
cnspec run k8s -c 'k8s.deployment.uid != "foo"'
This asserts that none of your deployments are named foo. cnspec returns a report listing your deployments. For each, it indicates whether the deployment meets the requirement (not named foo):
[passed] k8s.deployment.uid != "foo"
[ok] value: "057e7351-5738-4d3b-bd5f-46d86403c563"
[ok] value: "8038b1f4-020d-4f3f-a1da-8ec86044b9d7"
[ok] value: "aadd280e-4498-4071-8fd0-1fad781a2d07"
You've successfully used cnspec to run your first check against your Kubernetes infrastructure. Now you're ready to explore more Kubernetes information.
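The prerequisites and quick check above can be wrapped in a preflight that fails closed. This is an added example, not part of cnspec or the original page: the function names are illustrative, the sample report is the output shown above, and the parsing assumes reports keep that line format.

```shell
#!/bin/sh
# Added example: preflight around the quick check. Function names are
# illustrative and not part of cnspec.

# Sample report copied from the output shown on this page.
SAMPLE_REPORT='[passed] k8s.deployment.uid != "foo"
[ok] value: "057e7351-5738-4d3b-bd5f-46d86403c563"
[ok] value: "8038b1f4-020d-4f3f-a1da-8ec86044b9d7"
[ok] value: "aadd280e-4498-4071-8fd0-1fad781a2d07"'

# Succeeds only if both prerequisite CLIs are on PATH.
have_prereqs() {
  for tool in cnspec kubectl; do
    command -v "$tool" >/dev/null 2>&1 || {
      echo "missing prerequisite: $tool" >&2
      return 1
    }
  done
}

# Reads a report on stdin and prints how many deployments were evaluated.
# Fails closed: returns 1 unless a "[passed]" line is present AND at least
# one "[ok] value:" line was seen, so an empty report (no access, nothing
# discovered) is never mistaken for a verified connection.
# Assumption: report lines keep the format shown on this page.
summarize_report() {
  report=$(cat)
  passed=$(printf '%s\n' "$report" | grep -c '^ *\[passed\]' || true)
  ok=$(printf '%s\n' "$report" | grep -c '^ *\[ok\] value:' || true)
  printf '%s\n' "$ok"
  [ "$passed" -ge 1 ] && [ "$ok" -ge 1 ]
}

# Live run: requires cluster access; uses only the commands from this page.
run_quick_check() {
  have_prereqs || return 1
  kubectl describe nodes >/dev/null || {
    echo "kubectl cannot reach the cluster" >&2
    return 1
  }
  cnspec run k8s -c 'k8s.deployment.uid != "foo"' | summarize_report
}
```

Call run_quick_check from a terminal with cluster access; a non-zero exit status means the connection was not confirmed.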