Control: Replication Controller containers peer client cert auth should be enabled
Description
This check ensures that the container in the Replication Controller has peer client cert auth enabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replication_controller_container_arg_peer_client_cert_auth_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.replication_controller_container_arg_peer_client_cert_auth_enabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then 'ok' else 'alarm' end as status, case when (c -> 'args') @> '["--peer-client-cert-auth=true"]' then c ->> 'name' || ' peer client cert auth enabled.' else c ->> 'name' || ' peer client cert auth disabled.' end as reason, name as replication_controller_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_replication_controller, jsonb_array_elements(template -> 'spec' -> 'containers') as c;