turbot/kubernetes_compliance

Query: deployment_container_no_argument_insecure_bind_address

Usage

powerpipe query kubernetes_compliance.query.deployment_container_no_argument_insecure_bind_address

Steampipe Tables

SQL

select
coalesce(uid, concat(path, ':', start_line)) as resource,
case
when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
when (c -> 'command') @> '["kube-apiserver"]'
and (c ->> 'command' like '%--insecure-bind-address%') then 'alarm'
else 'ok'
end as status,
case
when (c -> 'command') is null then c ->> 'name' || ' command not defined.'
when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.'
when (c -> 'command') @> '["kube-apiserver"]'
and (c ->> 'command' like '%--insecure-bind-address%') then c ->> 'name' || ' has insecure bind address.'
else c ->> 'name' || ' has no insecure bind address.'
end as reason,
name as deployment_name
, coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
kubernetes_deployment,
jsonb_array_elements(template -> 'spec' -> 'containers') as c;

Controls

The query is being used by the following controls: