
K8s kube-audit

Description

kubeaudit is a command-line tool and a Go package for auditing Kubernetes clusters against a range of security concerns, such as:

  • run as non-root
  • use a read-only root filesystem
  • drop scary capabilities, don't add new ones
  • don't run privileged
  • and more!
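
To make the listed concerns concrete, here is an added example (not taken from the kubeaudit project) showing a pod spec that violates each of them next to a hardened version. The pod names, image and UID are constructed placeholders.

```yaml
# Constructed manifests for illustration; names, image and UID are placeholders.
# "Before": settings of the kind the concerns listed above are about.
apiVersion: v1
kind: Pod
metadata:
  name: demo-weak
spec:
  containers:
    - name: app
      image: registry.example.com/demo/app:1.0
      securityContext:
        privileged: true            # runs privileged
        runAsUser: 0                # runs as root
        capabilities:
          add: ["NET_ADMIN"]        # adds a capability and drops none
        # readOnlyRootFilesystem is unset, so the root filesystem is writable
---
# "After": the same pod with each listed concern addressed.
apiVersion: v1
kind: Pod
metadata:
  name: demo-hardened
spec:
  containers:
    - name: app
      image: registry.example.com/demo/app:1.0
      securityContext:
        privileged: false
        runAsNonRoot: true          # the kubelet refuses to start the container as UID 0
        runAsUser: 10001
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]             # drop everything, add nothing back
      volumeMounts:
        - name: tmp
          mountPath: /tmp           # writable scratch space, since / is read-only
  volumes:
    - name: tmp
      emptyDir: {}
```

A read-only root filesystem usually needs an explicit writable mount such as the emptyDir above for any path the application writes to at runtime.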

Project page

  • https://github.com/Shopify/kubeaudit

Install

wget https://github.com/Shopify/kubeaudit/releases/download/0.16.0/kubeaudit_0.16.0_linux_amd64.tar.gz
tar -xf kubeaudit_0.16.0_linux_amd64.tar.gz

Alias

ln -s /<YOUR_LOCATION>/kubeaudit /usr/bin/kube-audit

Run

kube-audit all
kube-audit all --namespace=<namespace>