Control: PodTemplate containers argument insecure bind address should not be set
Description
This check ensures that the PodTemplate container does not have an argument insecure bind address set.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.pod_template_container_no_argument_insecure_bind_addressSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.pod_template_container_no_argument_insecure_bind_address --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null then 'ok' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' like '%--insecure-bind-address%') then 'alarm' else 'ok' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' like '%--insecure-bind-address%') then c ->> 'name' || ' has insecure bind address.' else c ->> 'name' || ' has no insecure bind address.' end as reason, name as pod_template_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path from kubernetes_pod_template, jsonb_array_elements(template -> 'spec' -> 'containers') as c;