Control: Replication Controller containers argument etcd client cert auth should be enabled
Description
This check ensures that the container in the Replication Controller has argument etcd client cert auth enabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replication_controller_container_argument_etcd_client_cert_auth_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.replication_controller_container_argument_etcd_client_cert_auth_enabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["etcd"]') then 'ok' when (c -> 'command') @> '["etcd"]' and (c -> 'command') @> '["--client-cert-auth=true"]' then 'ok' else 'alarm' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["etcd"]') then c ->> 'name' || ' etcd not defined.' when (c -> 'command') @> '["etcd"]' and (c -> 'command') @> '["--client-cert-auth=true"]' then c ->> 'name' || ' client cert auth enabled.' else c ->> 'name' || ' client cert auth disabled.' end as reason, name as replication_controller_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_replication_controller, jsonb_array_elements(template -> 'spec' -> 'containers') as c;