mondoo-operator

module
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 22, 2022 License: MPL-2.0

README

Mondoo Operator for Kubernetes

Tests Edge integration tests Cloud tests License

Project Status: This project is stable. Any API and CRD changes will be handled in way where previous versions are kept working or migrated.

Overview

The Mondoo Operator provides a new Kubernetes native way to do a security assessment of your whole Kubernetes Cluster. The purpose of this project is to simplify and automate the configuration for a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller (alpha version)

It is backed by Mondoo's powerful Policy-as-Code the Mondoo Query Language (MQL). Mondoo ships out-of-the-box security policies for Kubernetes:

  • CIS Kubernetes Benchmark
  • Kubernetes Application Benchmark

Architecture

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.22 and 1.23
  • Azure AKS 1.22, 1.23 and 1.24
  • GCP GKE 1.22, 1.23 and 1.24
  • Minikube with Kubernetes versions 1.22, 1.23 and 1.24
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.22, 1.23 and 1.24

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an e-mail to security@mondoo.com

License

Mozilla Public License v2.0

Directories

Path Synopsis
api
v1alpha2
Package v1alpha2 contains API Schema definitions for the k8s v1alpha2 API group +kubebuilder:object:generate=true +groupName=k8s.mondoo.com
Package v1alpha2 contains API Schema definitions for the k8s v1alpha2 API group +kubebuilder:object:generate=true +groupName=k8s.mondoo.com
cmd
resource_monitor/debouncer/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
resource_monitor/scan_api_store/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
pkg
mondooclient/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
tests

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL