turbot/steampipe-mod-kubernetes-compliance

Control: PodTemplate containers should have TLS cert file and TLS private key file configured appropriately

Description

This check ensures that every kube-apiserver container in a PodTemplate sets both the --tls-cert-file and --tls-private-key-file arguments. Without them the API server serves its HTTPS endpoint with a self-signed certificate that it generates at startup, so clients cannot verify the server against a trusted CA. The query inspects the container's command only: containers whose command does not include kube-apiserver are reported as ok, and flags passed via args rather than command are not seen.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.pod_template_container_argument_kube_apiserver_tls_cert_file_and_tls_private_key_file_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.pod_template_container_argument_kube_apiserver_tls_cert_file_and_tls_private_key_file_configured --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
    when (c -> 'command') @> '["kube-apiserver"]'
      and not (
        (c ->> 'command' like '%--tls-cert-file%')
        and (c ->> 'command' like '%--tls-private-key-file%')
      ) then 'alarm'
    else 'ok'
  end as status,
  case
    when (c -> 'command') is null then c ->> 'name' || ' command not defined.'
    when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.'
    when (c -> 'command') @> '["kube-apiserver"]'
      and not (
        (c ->> 'command' like '%--tls-cert-file%')
        and (c ->> 'command' like '%--tls-private-key-file%')
      ) then c ->> 'name' || ' TLS cert file and private key not set.'
    else c ->> 'name' || ' TLS cert file and private key set.'
  end as reason,
  name as pod_template_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_pod_template,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c;
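The following is an added example, not part of the mod, that runs the control's status logic in plain PostgreSQL against four constructed PodTemplate rows (the sample_pod_templates CTE, the uid values and the file paths are all made up for illustration; it stands in for the kubernetes_pod_template table the Steampipe Kubernetes plugin provides). It also computes a second status column that concatenates command and args, to show how a kube-apiserver container that passes its TLS flags through args would be reported by each approach.

```sql
-- Constructed sample data standing in for kubernetes_pod_template.
with sample_pod_templates(uid, name, namespace, template) as (
  values
    -- both flags present in command: expected 'ok'
    ('uid-1', 'apiserver-ok', 'kube-system',
     '{"spec":{"containers":[{"name":"kube-apiserver",
       "command":["kube-apiserver",
                  "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
                  "--tls-private-key-file=/etc/kubernetes/pki/apiserver.key"]}]}}'::jsonb),
    -- private key flag missing: expected 'alarm'
    ('uid-2', 'apiserver-missing-key', 'kube-system',
     '{"spec":{"containers":[{"name":"kube-apiserver",
       "command":["kube-apiserver",
                  "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt"]}]}}'::jsonb),
    -- flags passed via args, not command: 'alarm' from the control's
    -- command-only check, 'ok' when args are included
    ('uid-3', 'apiserver-flags-in-args', 'kube-system',
     '{"spec":{"containers":[{"name":"kube-apiserver",
       "command":["kube-apiserver"],
       "args":["--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
               "--tls-private-key-file=/etc/kubernetes/pki/apiserver.key"]}]}}'::jsonb),
    -- not an API server container at all: expected 'ok' (not in scope)
    ('uid-4', 'web', 'default',
     '{"spec":{"containers":[{"name":"nginx","image":"nginx:1.25"}]}}'::jsonb)
)
select
  uid as resource,
  c ->> 'name' as container,
  -- the control's own logic: command only
  case
    when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
    when not (
      (c ->> 'command' like '%--tls-cert-file%')
      and (c ->> 'command' like '%--tls-private-key-file%')
    ) then 'alarm'
    else 'ok'
  end as status_command_only,
  -- variant that also looks at args
  case
    when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
    when not (
      x.cmd_and_args like '%--tls-cert-file%'
      and x.cmd_and_args like '%--tls-private-key-file%'
    ) then 'alarm'
    else 'ok'
  end as status_including_args
from
  sample_pod_templates,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c,
  lateral (
    select coalesce(c ->> 'command', '') || ' ' || coalesce(c ->> 'args', '') as cmd_and_args
  ) as x
order by uid;
```

Expected rows: uid-1 ok/ok, uid-2 alarm/alarm, uid-3 alarm/ok, uid-4 ok/ok. The uid-3 row is the one to be aware of when reading this control's results: a static-pod or operator-managed manifest that sets the TLS flags in args is a finding under the command-only check even though the API server is correctly configured, so confirm such alarms against the live container spec before treating them as gaps.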

Tags