Skip to main content

k8s_containers resource

Use the k8s_containers Chef InSpec audit resource to test the configurations of all Containers in a namespace.

Syntax

describe k8s_containers do
  #...
end

Parameter

namespace
Namespace of the resource.

Properties

names
Name of the Container.
images
Container image name.
commands
Entrypoint array.
args
Arguments to the entrypoint.
resources
Compute Resources required by this container.
volumeMounts
Pod volumes to mount into the container’s filesystem
livenessProbes
Periodic probe of container liveness
readinessProbes
Periodic probe of container service readiness
imagePullPolicies
Image pull policy, One of Always, Never, IfNotPresent
securityContexts
Security options the pod should run with

Examples

Containers for default namespace must exist:

 describe k8s_containers do
  it { should exist }
end

Containers for specified namespace must exist:

describe k8s_containers(namespace: 'kube-system') do
  it { should exist }
end

Containers with readOnlyRootFilesystem exists:

describe k8s_containers(namespace: 'kube-system').where{ securityContext && securityContext[:readOnlyRootFilesystem] == true } do 
  it { should exist }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

Thank you for your feedback!

×