mondoo-operator

module
v1.13.1 Latest
Warning

This package is not in the latest version of its module.
Published: May 4, 2023 License: MPL-2.0

README

Mondoo Operator for Kubernetes

Project Status: This project is stable. Any API and CRD changes will be handled in a way where previous versions are kept working or migrated.

Overview

The Mondoo Operator provides a new Kubernetes-native way to run a security assessment of your whole Kubernetes cluster. The purpose of this project is to simplify and automate the configuration of a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller

It is backed by Mondoo's powerful policy-as-code engine cnspec and MQL. Mondoo ships out-of-the-box security policies for:

  • CIS Kubernetes Benchmarks
  • CIS AKS/EKS/GKE/OpenShift Benchmarks
  • NSA/CISA Kubernetes Hardening Guide
  • Kubernetes Cluster and Workload Security
  • Kubernetes Best Practices

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.22, 1.23, and 1.24
  • Azure AKS 1.23, 1.24, and 1.25
  • GCP GKE 1.22, 1.23, and 1.24
  • Minikube with Kubernetes versions 1.22, 1.23 and 1.24
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.22, 1.23 and 1.24

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an e-mail to security@mondoo.com.

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.

License

Mozilla Public License v2.0

Directories

Path Synopsis
api
v1alpha2
Package v1alpha2 contains API Schema definitions for the k8s v1alpha2 API group +kubebuilder:object:generate=true +groupName=k8s.mondoo.com
cmd
resource_monitor/debouncer/mock
Package mock is a generated GoMock package.
resource_monitor/scan_api_store/mock
Package mock is a generated GoMock package.
pkg
mondooclient/mock
Package mock is a generated GoMock package.
tests