Kubernetes
This provider scans your Kubernetes cluster.
The easiest way to authenticate to a Kubernetes cluster is to set up the kubeconfig file in the default directory. Different cloud providers have different ways to do so, and different operating systems have different default directories. In Ubuntu Linux, for example, the configuration file can be written to the .kube directory as config.
The Scout Suite Kubernetes provider also has a few command line options to load the configuration:
- --config-file KUBERNETES_CONFIG_FILE: Name of the kubeconfig file. By default, it will use Kubernetes' default directory.
- --context KUBERNETES_CONTEXT: Cluster context to scan. By default, current_context from config file will be used.
- --do-not-persist-config: If specified, config file will NOT be updated when changed (e.g. GCP token refresh).
- --subscription-id KUBERNETES_AZURE_SUBSCRIPTION_ID: Azure Subscription containing the cluster. If unspecified, the default subscription will be used.
If your Kubernetes cluster is cloud-hosted, at a minimum ensure your cloud identity has admin or cluster-wide read access to it.
Simply run:
scout kubernetes
The Kubernetes provider can also scan the control plane with the help of other providers. At the moment, only AWS, Azure and GKE are supported. Note that this may require assigning additional permissions to the cloud identity performing the audit.
scout kubernetes -c aws
scout kubernetes -c azure
scout kubernetes -c gke
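To check the access requirement described above before scanning, the following pre-flight script confirms which context will be scanned and whether the identity can list resources cluster-wide. It is an added example, not part of Scout Suite: the function names and the resource list are assumptions chosen for illustration, and it relies only on kubectl's `config current-context` and `auth can-i` subcommands.

```sh
#!/bin/sh
# Added example: pre-flight check to run before `scout kubernetes`.
# Assumption: this resource list is a sample picked for the example, not the
# set of API objects Scout Suite actually reads.
PREFLIGHT_RESOURCES="namespaces nodes pods clusterroles clusterrolebindings"

# resolve_context KUBECONFIG [CONTEXT]
# An explicit context wins (as with --context); otherwise report the
# kubeconfig's current context, which is what gets scanned by default.
resolve_context() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    else
        kubectl --kubeconfig "$1" config current-context
    fi
}

# missing_read_access KUBECONFIG CONTEXT
# Prints the resources the identity cannot list across all namespaces and
# returns non-zero if there are any.
missing_read_access() {
    missing=""
    for res in $PREFLIGHT_RESOURCES; do
        # `kubectl auth can-i` prints "yes" or "no"; any error counts as "no".
        answer=$(kubectl --kubeconfig "$1" --context "$2" \
            auth can-i list "$res" --all-namespaces 2>/dev/null) || true
        [ "$answer" = "yes" ] || missing="$missing $res"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# scout_preflight [KUBECONFIG] [CONTEXT]
# Returns 0 when ready to scan, 1 on missing access, 2 on config problems.
scout_preflight() {
    cfg="${1:-$HOME/.kube/config}"
    [ -r "$cfg" ] || { echo "kubeconfig not readable: $cfg" >&2; return 2; }
    ctx=$(resolve_context "$cfg" "${2:-}") || return 2
    echo "context to be scanned: $ctx"
    if denied=$(missing_read_access "$cfg" "$ctx"); then
        echo "cluster-wide list access confirmed for: $PREFLIGHT_RESOURCES"
    else
        echo "identity cannot list cluster-wide: $denied" >&2
        return 1
    fi
}
```

Source the file and call `scout_preflight`, optionally passing the same file and context you intend to give to --config-file and --context.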