Control: Role-Based Access Control (RBAC) should be used on Kubernetes Services
Description
To provide granular filtering on the actions that users can perform, use Role-Based Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_instance_rbac_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.kubernetes_instance_rbac_enabled --share
SQL
This control uses a named query:
select
  kc.id as resource,
  case
    when enable_rbac then 'ok'
    else 'alarm'
  end as status,
  case
    when enable_rbac then name || ' role based access control enabled.'
    else name || ' role based access control disabled.'
  end as reason,
  enable_rbac,
  kc.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_kubernetes_cluster kc,
  azure_subscription sub
where
  sub.subscription_id = kc.subscription_id;