Control: DaemonSet containers argument etcd auto TLS should be disabled
Description
This check ensures that the container in the DaemonSet has argument etcd auto TLS disabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.daemonset_container_argument_etcd_auto_tls_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.daemonset_container_argument_etcd_auto_tls_disabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["etcd"]') then 'ok' when (c -> 'command') @> '["etcd"]' and (c -> 'command') @> '["--auto-tls=true"]' then 'alarm' else 'ok' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["etcd"]') then c ->> 'name' || ' etcd not defined.' when (c -> 'command') @> '["etcd"]' and (c -> 'command') @> '["-auto-tls=true"]' then c ->> 'name' || ' auto TLS enabled.' else c ->> 'name' || ' auto TLS disabled.' end as reason, name as daemonset_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_daemonset, jsonb_array_elements(template -> 'spec' -> 'containers') as c;