Control: DaemonSet containers peer client cert auth should be enabled
Description
This check ensures that the container in the DaemonSet has peer client cert auth enabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.daemonset_container_arg_peer_client_cert_auth_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.daemonset_container_arg_peer_client_cert_auth_enabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then 'ok' else 'alarm' end as status, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then c ->> 'name' || ' peer cldient cert auth enabled.' else c ->> 'name' || ' peer client cert auth disabled.' end as reason, name as daemonset_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_daemonset, jsonb_array_elements(template -> 'spec' -> 'containers') as c;