-
Notifications
You must be signed in to change notification settings - Fork 0
/
Bombadil.yaml
33 lines (33 loc) · 1.56 KB
/
Bombadil.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
- name: Verificar seguridad del clúster de Kubernetes
hosts: localhost
gather_facts: false
tasks:
- name: Verificar versión de Kubernetes
shell: kubectl version --short | awk '/Server Version:/ {print $3}'
register: k8s_version
- name: Verificar autenticación y autorización habilitadas
shell: kubectl auth can-i '*' '*'
register: auth_info
failed_when: "auth_info.rc != 0"
- name: Verificar encriptación de los datos y los secretos
shell: kubectl get secrets --all-namespaces -o json | jq '.items[] | select(.type == "kubernetes.io/tls")'
register: secrets_info
failed_when: "secrets_info.rc != 0 or secrets_info.stdout == '[]'"
- name: Verificar puertos expuestos
shell: kubectl get services --all-namespaces -o json | jq '.items[] | select(.spec.type == "LoadBalancer" or .spec.type == "NodePort")'
register: services_info
failed_when: "services_info.rc != 0 or services_info.stdout == '[]'"
- name: Verificar vulnerabilidades en las imágenes
shell: >-
curl --silent https://quay.io/cnr/api/v1/packages?namespace=kubernetes | jq '.results[] | select(.status.reason == "Vulnerability") | .status.message'
register: vulnerabilities
failed_when: "vulnerabilidades.rc != 0 or vulnerabilities.stdout != 'null'"
- name: Mostrar resultados
debug:
var:
k8s_version: "{{ k8s_version.stdout }}"
auth_info: "{{ auth_info.stdout }}"
secrets_info: "{{ secrets_info.stdout }}"
services_info: "{{ services_info.stdout }}"
vulnerabilities: "{{ vulnerabilities.stdout }}"