Skip to content

mondoohq/mondoo-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

761 Commits
.github
.github
 
 
.vscode
.vscode
 
 
api/v1alpha2
api/v1alpha2
 
 
charts/mondoo-operator
charts/mondoo-operator
 
 
cmd/mondoo-operator
cmd/mondoo-operator
 
 
config
config
 
 
controllers
controllers
 
 
docs
docs
 
 
hack
hack
 
 
pkg
pkg
 
 
scripts
scripts
 
 
tests
tests
 
 
.actrc
.actrc
 
 
.copywrite.hcl
.copywrite.hcl
 
 
.dockerignore
.dockerignore
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.json
.prettierrc.json
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
PROJECT
PROJECT
 
 
README.md
README.md
 
 
RELEASE.md
RELEASE.md
 
 
bundle.Dockerfile
bundle.Dockerfile
 
 
cnspec.Dockerfile
cnspec.Dockerfile
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
release.sh
release.sh
 
 

Repository files navigation

Mondoo Operator for Kubernetes

Tests Edge integration tests Cloud tests

Project Status: This project is stable. Any API and CRD changes will be handled in way where previous versions are kept working or migrated.

mondoo operator illustration

Overview

The Mondoo Operator provides a new Kubernetes native way to do a security assessment of your whole Kubernetes Cluster. The purpose of this project is to simplify and automate the configuration for a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller

It is backed by Mondoo's powerful policy-as-code engine cnspec and MQL. Mondoo ships out-of-the-box security policies for:

  • CIS Kubernetes Benchmarks
  • CIS AKS/EKS/GKE/OpenShift Benchmarks
  • NSA/CISA Kubernetes Hardening Guide
  • Kubernetes Cluster and Workload Security
  • Kubernetes Best Practices

Architecture

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.23, 1.24, 1.25, and 1.26
  • Azure AKS 1.24, 1.25, and 1.26
  • GCP GKE 1.23, 1.24, 1.25, and 1.26
  • Minikube with Kubernetes versions 1.24, 1.25, 1.26, and 1.27
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.24, 1.25, 1.26, and 1.27

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Running the integration tests locally

To run the integration tests locally copy the .env.example file:

cp .env.example .env

Go to Mondoo Platform and create an API token for an organization of choice. Add the API token to the .env file. Double-check that the API is set to the correct environment, then run:

make test/integration

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an email to [email protected]

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.

About

☸️ Mondoo Client Kubernetes Operator

mondoo.com

Topics

kubernetes security security-audit assessment operator kubernetes-operator

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

36 stars

Watchers

9 watching

Forks

13 forks
Report repository

Releases 205

v11.4.1 Latest
Sep 18, 2024
+ 204 releases

Packages

 
 
 

Contributors 16

+ 2 contributors

Languages