K8S kube-audit
Description
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as:
- run as non-root
- use a read-only root filesystem
- drop scary capabilities, don't add new ones
- don't run privileged
- and more!
Project page
- https://github.com/Shopify/kubeaudit
Install
wget https://github.com/Shopify/kubeaudit/releases/download/0.16.0/kubeaudit_0.16.0_linux_amd64.tar.gz
tar -xf kubeaudit_0.16.0_linux_amd64.tar.gz
Alias
ln -s /<YOUR_LOCATION>/kubeaudit /usr/bin/kube-audit
Run
./kube-audit all
./kube-audit all --namespace=<namespace>