Kubeaudit
Definition
Kubeaudit is an open-source tool designed to audit Kubernetes clusters for security compliance. It automatically checks for common security issues in Kubernetes configurations, such as overly permissive access controls, lack of resource limits, and insecure network policies. By identifying these vulnerabilities, Kubeaudit helps ensure that Kubernetes deployments adhere to best practices and reduce the attack surface.
Secure Settings Example
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
spec:
containers:
- name: secure-container
image: nginx:latest
securityContext:
runAsNonRoot: true
capabilities:
drop:
- ALL
resources:
limits:
memory: "256Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "250m"
Insecure Settings Example
apiVersion: v1
kind: Pod
metadata:
name: insecure-pod
spec:
containers:
- name: insecure-container
image: nginx:latest
securityContext:
privileged: true
resources:
limits:
memory: "1Gi"
cpu: "1"