Control: ReplicaSet containers peer client cert auth should be enabled
Description
This check ensures that the container in the ReplicaSet has peer client cert auth enabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replicaset_container_arg_peer_client_cert_auth_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.replicaset_container_arg_peer_client_cert_auth_enabled --shareSQL
This control uses a named query:
select distinct(coalesce(uid, concat(path, ':', start_line))) as resource, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then 'ok' else 'alarm' end as status, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then c ->> 'name' || ' peer client cert auth enabled.' else c ->> 'name' || ' peer client cert auth disabled.' end as reason, name as replicaset_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_replicaset, jsonb_array_elements(template -> 'spec' -> 'containers') as c;