mondoohq/mondoo-operator

Latest commit

2352876 · May 30, 2024

Mondoo Operator for Kubernetes

Project Status: This project is stable. Any API and CRD changes will be handled in a way where previous versions are kept working or migrated.

Overview

The Mondoo Operator provides a new Kubernetes-native way to perform a security assessment of your whole Kubernetes cluster. The purpose of this project is to simplify and automate the configuration of a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller

It is backed by Mondoo's powerful policy-as-code engine cnspec and MQL. Mondoo ships out-of-the-box security policies for:

  • CIS Kubernetes Benchmarks
  • CIS AKS/EKS/GKE/OpenShift Benchmarks
  • NSA/CISA Kubernetes Hardening Guide
  • Kubernetes Cluster and Workload Security
  • Kubernetes Best Practices

Architecture

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.23, 1.24, 1.25, and 1.26
  • Azure AKS 1.24, 1.25, and 1.26
  • GCP GKE 1.23, 1.24, 1.25, and 1.26
  • Minikube with Kubernetes versions 1.24, 1.25, 1.26, and 1.27
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.24, 1.25, 1.26, and 1.27

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Running the integration tests locally

To run the integration tests locally, copy the .env.example file:

cp .env.example .env

Go to Mondoo Platform and create an API token for an organization of choice. Add the API token to the .env file. Double-check that the API is set to the correct environment, then run:

make test/integration

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an email to [email protected]

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.