🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-kubernetes-compliance
Overview
4Dashboards
790Benchmarks
781Queries
2Variables
GitHub

Control: Pod containers argument etcd auto TLS should be disabled

Description

This check ensures that the container in the Pod has argument etcd auto TLS disabled.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.pod_container_argument_etcd_auto_tls_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.pod_container_argument_etcd_auto_tls_disabled --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when (c -> 'command') is null or not ((c -> 'command') @> '["etcd"]') then 'ok'
    when (c -> 'command') @> '["etcd"]'
      and (c -> 'command') @> '["--auto-tls=true"]' then 'alarm'
    else 'ok'
  end as status,
  case
    when (c -> 'command') is null then c ->> 'name' || ' command not defined.'
    when not ((c -> 'command') @> '["etcd"]') then c ->> 'name' || ' etcd not defined.'
    when (c -> 'command') @> '["etcd"]'
      and (c -> 'command') @> '["-auto-tls=true"]' then c ->> 'name' || ' auto TLS enabled.'
    else c ->> 'name' || ' auto TLS disabled.'
  end as reason,
  name as pod_name
  
  , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_pod,
  jsonb_array_elements(containers) as c;

Tags

category = Compliance
plugin = kubernetes
service = Kubernetes/Pod