Control: ReplicaSet containers should have security context

Description

This check ensures that ReplicaSet container has security context defined.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.replicaset_container_security_context_exists

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.replicaset_container_security_context_exists --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when c -> 'securityContext' is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when c -> 'securityContext' is not null then c ->> 'name' || ' security context exists.'
    else c ->> 'name' || ' security context does not exist.'
  end as reason,
  name as replicaset_name
  
  , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_replicaset,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c;

Control: ReplicaSet containers should have security context

Description

Usage

SQL

Tags