Running kubeaudit
kubeaudit is a command-line tool that audits Kubernetes clusters for various security concerns. It checks that workloads follow practices such as:
- run the container as a non-root user
- use a read only root filesystem
- drop scary capabilities
- don't add new ones
- don't run privileged
- etc.
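To make the listed checks concrete, here is an added example (not kubeaudit's own code or output) that applies them to a container `securityContext`. The manifest, container names and finding labels are constructed for illustration, and treating "drop capabilities" as "drop ALL" is a simplifying assumption.

```python
import json

# Constructed sample manifest: one weak container, one hardened container.
MANIFEST = json.loads("""
{"kind": "Pod", "metadata": {"name": "demo"},
 "spec": {"containers": [
  {"name": "weak",
   "securityContext": {"privileged": true,
                       "capabilities": {"add": ["NET_ADMIN"]}}},
  {"name": "hardened",
   "securityContext": {"runAsNonRoot": true,
                       "readOnlyRootFilesystem": true,
                       "privileged": false,
                       "capabilities": {"drop": ["ALL"]}}}
 ]}}
""")

def audit_container(container, pod_sc=None):
    """Return findings (hypothetical labels) for one container spec."""
    sc = container.get("securityContext") or {}
    pod_sc = pod_sc or {}
    caps = sc.get("capabilities") or {}
    findings = []
    # runAsNonRoot may be set on the container or inherited from the pod.
    if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
        findings.append("runs-as-root-allowed")
    if not sc.get("readOnlyRootFilesystem", False):
        findings.append("writable-root-filesystem")
    # Assumption: "drop scary capabilities" is modelled as dropping ALL.
    if "ALL" not in [c.upper() for c in (caps.get("drop") or [])]:
        findings.append("capabilities-not-dropped")
    if caps.get("add"):
        findings.append("capabilities-added:" + ",".join(caps["add"]))
    if sc.get("privileged", False):
        findings.append("privileged")
    return findings

def audit_pod(manifest):
    """Map each container name (init containers included) to its findings."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext")
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    return {c["name"]: audit_container(c, pod_sc) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_pod(MANIFEST).items():
        print(name, "->", findings or "ok")
```

The `hardened` container shows the `securityContext` fields a workload needs in order to pass the checks listed above; a container with no `securityContext` at all fails every check except `privileged`.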
How to run kubeaudit
- Running kubeaudit with all checks
cd /data/kubeaudit
./kubeaudit all

We can also use kubeaudit to fix vulnerabilities in a live cluster (not recommended for production).