Skip to content

mondoohq/mondoo-operator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Mondoo Operator for Kubernetes

Tests Edge integration tests Cloud tests

Project Status: This project is stable. Any API and CRD changes will be handled in way where previous versions are kept working or migrated.

mondoo operator illustration

Overview

The Mondoo Operator provides a new Kubernetes native way to do a security assessment of your whole Kubernetes Cluster. The purpose of this project is to simplify and automate the configuration for a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller

It is backed by Mondoo's powerful policy-as-code engine cnspec and MQL. Mondoo ships out-of-the-box security policies for:

  • CIS Kubernetes Benchmarks
  • CIS AKS/EKS/GKE/OpenShift Benchmarks
  • NSA/CISA Kubernetes Hardening Guide
  • Kubernetes Cluster and Workload Security
  • Kubernetes Best Practices

Architecture

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.23, 1.24, 1.25, and 1.26
  • Azure AKS 1.24, 1.25, and 1.26
  • GCP GKE 1.23, 1.24, 1.25, and 1.26
  • Minikube with Kubernetes versions 1.24, 1.25, 1.26, and 1.27
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.24, 1.25, 1.26, and 1.27

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Running the integration tests locally

To run the integration tests locally copy the .env.example file:

cp .env.example .env

Go to Mondoo Platform and create an API token for an organization of choice. Add the API token to the .env file. Double-check that the API is set to the correct environment, then run:

make test/integration

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an email to [email protected]

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.