Control: Pod Security Policy should prohibit hostPaths volumes
Description
The Pod Security Policy `allowedHostPaths` specifies a list of host paths that are allowed to be used by hostPath volumes. An empty list means there is no restriction on host paths used. This is defined as a list of objects with a single pathPrefix field, which allows hostPath volumes to mount a path that begins with an allowed prefix, and a readOnly field indicating it must be mounted read-only.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.pod_security_policy_allowed_host_pathSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.pod_security_policy_allowed_host_path --shareSQL
This control uses a named query:
pod_security_policy_allowed_host_path