https://github.com/mondoohq/mondoo-operator
☸️ Mondoo Client Kubernetes Operator
assessment kubernetes kubernetes-operator operator security security-audit
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/mondoohq/mondoo-operator
- Owner: mondoohq
- License: other
- Created: 2022-01-10T08:19:23.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-01-17T08:17:21.000Z (9 months ago)
- Last Synced: 2025-01-17T09:06:45.744Z (9 months ago)
- Topics: assessment, kubernetes, kubernetes-operator, operator, security, security-audit
- Language: Go
- Homepage: https://mondoo.com
- Size: 2.6 MB
- Stars: 38
- Watchers: 11
- Forks: 14
- Open Issues: 38
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Mondoo Operator for Kubernetes
> **Project Status**: This project is stable. Any API and CRD changes will be handled in a way where previous versions are kept working or migrated.

## Overview
The **Mondoo Operator** provides a new [Kubernetes](https://kubernetes.io/) native way to do a security assessment of your whole Kubernetes Cluster. The purpose of this project is to simplify and automate the configuration for a Mondoo-based security assessment for Kubernetes clusters.
The Mondoo Operator provides the following features:
- Continuous validation of deployed workloads
- Continuous validation of Kubernetes nodes **without** privileged access
- Admission Controller

It is backed by Mondoo's powerful policy-as-code engine [cnspec](https://mondoo.com/docs/cnspec/cnspec-about/) and [MQL](https://mondoo.com/docs/mql/resources/). Mondoo ships out-of-the-box security policies for:
- CIS Kubernetes Benchmarks
- CIS AKS/EKS/GKE/OpenShift Benchmarks
- NSA/CISA Kubernetes Hardening Guide
- Kubernetes Cluster and Workload Security
- Kubernetes Best Practices
## Getting Started
The **Mondoo Operator** can be installed via different methods depending on your Kubernetes workflow:
- [User manual](docs/user-manual.md)
## Tested Kubernetes Environments
The following Kubernetes environments are tested:
- AWS EKS 1.23, 1.24, 1.25, and 1.26
- Azure AKS 1.24, 1.25, and 1.26
- GCP GKE 1.23, 1.24, 1.25, and 1.26
- Minikube with Kubernetes versions 1.24, 1.25, 1.26, and 1.27
- Rancher RKE1 1.22 and 1.23
- K3S 1.24, 1.25, 1.26, and 1.27
## Documentation
Please see the [docs](./docs) directory for more in-depth information.
## Contributing
Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:
1. Commit your changes.
2. Run `make generate` and `make test`.
3. Commit the generated changes.
### Running the integration tests locally
To run the integration tests locally, copy the `.env.example` file:
```bash
cp .env.example .env
```
Go to Mondoo Platform and create an API token for an organization of choice. Add the API token to the `.env` file. Double-check that the API is set to the correct environment, then run:
```bash
make test/integration
```
## Security
If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an email to [security@mondoo.com](mailto:security@mondoo.com).
## Join the community!
Join the [Mondoo Community GitHub Discussions](https://github.com/orgs/mondoohq/discussions) to collaborate on policy as code and security automation.