Control: ReplicaSet containers argument insecure bind address should not be set
Description
This check ensures that no container in the ReplicaSet runs kube-apiserver with the --insecure-bind-address argument set.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replicaset_container_no_argument_insecure_bind_address
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run kubernetes_compliance.control.replicaset_container_no_argument_insecure_bind_address --share
SQL
This control uses a named query:
select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
    when (c -> 'command') @> '["kube-apiserver"]'
      and (c ->> 'command' like '%--insecure-bind-address%') then 'alarm'
    else 'ok'
  end as status,
  case
    when (c -> 'command') is null then c ->> 'name' || ' command not defined.'
    when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.'
    when (c -> 'command') @> '["kube-apiserver"]'
      and (c ->> 'command' like '%--insecure-bind-address%') then c ->> 'name' || ' has insecure bind address.'
    else c ->> 'name' || ' has no insecure bind address.'
  end as reason,
  name as replicaset_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_replicaset,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c;
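The query's decision logic, ported to Python and run over a constructed ReplicaSet manifest, as an added example (not the mod's own code). The function names and the sample manifest are assumptions made for illustration. Like the query, it reads only each container's command array, so the last two sample containers report ok and need a separate review of args and of the binary path.

```python
import json

FLAG = "--insecure-bind-address"

def evaluate_container(c):
    """Return (status, reason) for one container, branch for branch as in the query."""
    name = c.get("name", "")
    command = c.get("command")
    if command is None:
        return "ok", f"{name} command not defined."
    # jsonb @> '["kube-apiserver"]' is an exact element match, not a substring match
    if "kube-apiserver" not in command:
        return "ok", f"{name} kube-apiserver not defined."
    # LIKE '%--insecure-bind-address%' runs over the text form of the whole array
    if FLAG in json.dumps(command):
        return "alarm", f"{name} has insecure bind address."
    return "ok", f"{name} has no insecure bind address."

def evaluate_replicaset(manifest):
    """Map container name -> (status, reason) for every container in the pod template."""
    containers = manifest["spec"]["template"]["spec"]["containers"]
    return {c["name"]: evaluate_container(c) for c in containers}

# Constructed sample manifest (not taken from a real cluster).
SAMPLE = {
    "kind": "ReplicaSet",
    "metadata": {"name": "demo-apiserver", "namespace": "kube-system"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "apiserver-flagged",
         "command": ["kube-apiserver", "--insecure-bind-address=0.0.0.0"]},
        {"name": "apiserver-clean",
         "command": ["kube-apiserver", "--secure-port=6443"]},
        {"name": "sidecar", "image": "example/sidecar:1.0"},
        # Flag supplied through args: the command array holds no flag.
        {"name": "apiserver-args", "command": ["kube-apiserver"],
         "args": ["--insecure-bind-address=0.0.0.0"]},
        # Full binary path: no array element equals "kube-apiserver".
        {"name": "apiserver-fullpath",
         "command": ["/usr/local/bin/kube-apiserver",
                     "--insecure-bind-address=0.0.0.0"]},
    ]}}},
}

if __name__ == "__main__":
    for name, (status, reason) in evaluate_replicaset(SAMPLE).items():
        print(f"{status:5} {reason}")
```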