Control: Replication Controller containers should has encryption providers configured appropriately
Description
This check ensures that the container in the Replication Controller has encryption providers configured appropriately.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replication_controller_container_encryption_providers_configuredSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.replication_controller_container_encryption_providers_configured --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' not like '%"--encryption-provider-config=%') then 'alarm' else 'ok' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' not like '%"--encryption-provider-config=%') then c ->> 'name' || ' encryption providers not configured appropriately.' else c ->> 'name' || ' encryption providers configured appropriately.' end as reason, name as replication_controller_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_replication_controller, jsonb_array_elements(template -> 'spec' -> 'containers') as c;