mondoohq/mondoo-operator

Mondoo Operator for Kubernetes

Project Status: This project is stable. Any API and CRD changes will be handled in a way that keeps previous versions working or migrates them.

Overview

The Mondoo Operator provides a new Kubernetes-native way to run a security assessment of your whole Kubernetes cluster. The purpose of this project is to simplify and automate the configuration of a Mondoo-based security assessment for Kubernetes clusters.

The Mondoo Operator provides the following features:

  • Continuous validation of deployed workloads
  • Continuous validation of Kubernetes nodes without privileged access
  • Admission Controller

It is backed by Mondoo's powerful policy-as-code engine cnspec and MQL. Mondoo ships out-of-the-box security policies for:

  • CIS Kubernetes Benchmarks
  • CIS AKS/EKS/GKE/OpenShift Benchmarks
  • NSA/CISA Kubernetes Hardening Guide
  • Kubernetes Cluster and Workload Security
  • Kubernetes Best Practices

Architecture

Getting Started

The Mondoo Operator can be installed via different methods depending on your Kubernetes workflow:

Tested Kubernetes Environments

The following Kubernetes environments are tested:

  • AWS EKS 1.23, 1.24, 1.25, and 1.26
  • Azure AKS 1.24, 1.25, and 1.26
  • GCP GKE 1.23, 1.24, 1.25, and 1.26
  • Minikube with Kubernetes versions 1.24, 1.25, 1.26, and 1.27
  • Rancher RKE1 1.22 and 1.23
  • K3S 1.24, 1.25, 1.26, and 1.27

Documentation

Please see the docs directory for more in-depth information.

Contributing

Many files (documentation, manifests, ...) are auto-generated. Before proposing a pull request:

  1. Commit your changes.
  2. Run make generate and make test.
  3. Commit the generated changes.

Running the integration tests locally

To run the integration tests locally, copy the .env.example file:

cp .env.example .env

Go to Mondoo Platform and create an API token for an organization of choice. Add the API token to the .env file. Double-check that the API is set to the correct environment, then run:

make test/integration

Security

If you find a security vulnerability related to the Mondoo Operator, please do not report it by opening a GitHub issue. Instead, send an email to security@mondoo.com.

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.