Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-kubernetes-compliance
Overview
4Dashboards
790Benchmarks
781Queries
2Variables
GitHub

Control: Ingress definition should not have NGINX ingress annotation snippets containing alias statements

Description

This check ensures that the NGINX ingress annotation snippets in the Ingress do not contain alias statements.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_snippets_alias_not_used

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_snippets_alias_not_used --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case when a.key like '%snippet%' and a.value like '%alias%' then 'alarm'
    else 'ok'
  end as status,
  case
    when a.key like '%snippet%' and a.value like '%alias%' then a.key || ' annotation snippet contains alias statements.'
    else a.key || ' annotation snippet not containing alias statements.'
  end as reason,
  name as ingress_name
  
  , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_ingress,
  jsonb_each_text(annotations) as a;

Tags

category = Compliance
plugin = kubernetes
service = Kubernetes/Ingress