
k8s_containers resource

Use the k8s_containers Chef InSpec audit resource to test the configurations of all Containers in a namespace.

Installation

Syntax

describe k8s_containers do
  #...
end

Parameter

namespace
Namespace of the resource.

Properties

names
Name of the Container.
images
Container image name.
commands
Entrypoint array.
args
Arguments to the entrypoint.
resources
Compute Resources required by this container.
volumeMounts
Pod volumes to mount into the container’s filesystem.
livenessProbes
Periodic probe of container liveness.
readinessProbes
Periodic probe of container service readiness.
imagePullPolicies
Image pull policy. One of Always, Never, IfNotPresent.
securityContexts
Security options the pod should run with.

Examples

Containers for default namespace must exist

describe k8s_containers do
  it { should exist }
end

Containers for specified namespace must exist

describe k8s_containers(namespace: 'kube-system') do
  it { should exist }
end

Containers with readOnlyRootFilesystem exist

describe k8s_containers(namespace: 'kube-system').where { securityContext && securityContext[:readOnlyRootFilesystem] == true } do
  it { should exist }
end
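The readOnlyRootFilesystem example above passes as soon as one container matches, so an audit usually also needs the containers that do not match. The following is an added example, not code from the InSpec documentation or the resource itself: a plain-Ruby model of that filter over constructed rows. `Row`, `SAMPLE_ROWS`, `where_rows` and `writable_root_names` are hypothetical names, and it assumes a where block is evaluated against each container's fields, as the bare `securityContext` in the example implies.

```ruby
# Plain-Ruby model of the where-block filter; runs without InSpec or a cluster.
# Row, SAMPLE_ROWS, where_rows and writable_root_names are hypothetical names.
Row = Struct.new(:name, :image, :securityContext, keyword_init: true)

# Constructed sample rows, not output from a real cluster.
SAMPLE_ROWS = [
  Row.new(name: 'dns', image: 'registry.example/dns:1.0',
          securityContext: { readOnlyRootFilesystem: true }),
  Row.new(name: 'proxy', image: 'registry.example/proxy:1.0',
          securityContext: { privileged: true }),   # key not set
  Row.new(name: 'metrics', image: 'registry.example/metrics:1.0',
          securityContext: nil),                     # no securityContext at all
  Row.new(name: 'web', image: 'registry.example/web:1.0',
          securityContext: { readOnlyRootFilesystem: false })
].freeze

# Same predicate as the page's third example. The leading `securityContext &&`
# guard keeps the lookup from raising on a container with no securityContext.
READ_ONLY_ROOT = proc do
  securityContext && securityContext[:readOnlyRootFilesystem] == true
end

# Assumption: the block runs with each row as self, so `securityContext`
# inside the block resolves to that row's field.
def where_rows(rows, &block)
  rows.select { |row| row.instance_eval(&block) }
end

# Complement of the filter: names of containers whose root filesystem is
# writable because the flag is false, unset, or there is no securityContext.
def writable_root_names(rows)
  rows.reject { |row| row.instance_eval(&READ_ONLY_ROOT) }.map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  matching = where_rows(SAMPLE_ROWS, &READ_ONLY_ROOT).map(&:name)
  puts "read-only root: #{matching.join(', ')}"
  puts "writable root:  #{writable_root_names(SAMPLE_ROWS).join(', ')}"
end
```

On the sample rows, one container out of four satisfies the predicate, which is enough for `should exist` to pass while three containers still have a writable root filesystem.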

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
