turbot/kubernetes_compliance

Query: pod_security_policy_non_root_container

Usage

powerpipe query kubernetes_compliance.query.pod_security_policy_non_root_container

SQL

select
coalesce(uid, concat(path, ':', start_line)) as resource,
case
when run_as_user ->> 'rule' = 'MustRunAsNonRoot' then 'ok'
else 'alarm'
end as status,
case
when run_as_user ->> 'rule' = 'MustRunAsNonRoot' then 'Pod security policy ' || name || ' restrict containers to run as non-root user.'
else 'Pod security policy ' || name || ' does not restrict containers to run as non-root user.'
end as reason
, coalesce(context_name, '') as context_name, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
kubernetes_pod_security_policy;

Controls

The query is being used by the following controls: