About the Chef InSpec Kubernetes resource pack
Chef InSpec Kubernetes resources allow you to audit and validate the configuration, security, and compliance of your Kubernetes clusters.
Requirements
- InSpec 3.7 or greater
- InSpec K8s train/backend plugin train-kubernetes
Usage
To create and run a profile against a Kubernetes cluster, follow these steps:
1. Ensure your KUBECONFIG environment variable or ~/.kube/config file has a valid configuration and credentials for the target cluster.
2. Define the platform and this resource pack as a dependency in your profile’s inspec.yml file:

       supports:
         - platform: k8s
       depends:
         - name: inspec-k8s
           url: https://github.com/inspec/inspec-k8s/archive/main.tar.gz

3. Define controls using the resources listed below.
4. Execute the profile against your cluster:

       inspec exec profile -t k8s://
Example
For an example profile, see the inspec-k8s-sample example repository.
Kubernetes resources
The following Chef InSpec Kubernetes resources are available in this resource pack.
- k8s_api_resources resource
- k8s_config_map resource
- k8s_config_maps resource
- k8s_container resource
- k8s_containers resource
- k8s_cronjob resource
- k8s_cronjobs resource
- k8s_daemon_set resource
- k8s_daemon_sets resource
- k8s_deployment resource
- k8s_deployments resource
- k8s_exec_file resource
- k8s_job resource
- k8s_jobs resource
- k8s_namespace resource
- k8s_namespaces resource
- k8s_network_policies resource
- k8s_network_policy resource
- k8s_node resource
- k8s_nodes resource
- k8s_pod resource
- k8s_pods resource
- k8s_rbac_cluster_role resource
- k8s_rbac_cluster_roles resource
- k8sobject resource
- k8sobjects resource