Control: Kubernetes clusters should have Azure network plugin
Description
This control checks if Azure CNI networking is enabled for Kubernetes cluster.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_cluster_network_plugin_azureSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.kubernetes_cluster_network_plugin_azure --shareSQL
This control uses a named query:
select c.id as resource, case when network_profile ->> 'networkPlugin' = 'azure' then 'ok' else 'alarm' end as status, case when network_profile ->> 'networkPlugin' = 'azure' then c.name || ' Azure CNI networking enabled.' else c.name || ' Azure CNI networking disabled.' end as reason , c.resource_group as resource_group , sub.display_name as subscriptionfrom azure_kubernetes_cluster c, azure_subscription subwhere sub.subscription_id = c.subscription_id;