Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters

Description

Kubernetes Engine's cluster check feature helps you verify the system nodes and components healthy status. When you trigger the checking, the process would check on the health state of each node in your cluster and also the cluster configuration as kubelet\docker daemon\kernel and network iptables configuration, if there are fails consecutive health checks, the diagnose would report to admin for further repair.

Remediation

From Console

  1. Logon to ACK console.
  2. Select the target cluster and open the More pop-menu for advance options on cluster.
  3. Select Global Check and click the Start button to trigger the checking.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_7_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_7_4 --share

SQL

This control uses a named query:

select
  'arn:acs:::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason
  , account_id as account_id
from
  alicloud_account;

Tags

category = Compliance
cis = true
cis_item_id = 7.4
cis_level = 1
cis_section_id = 7
cis_type = automated
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ACK