Linux command
kubeaudit 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Audit running cluster
kubeaudit all
Audit manifest files
kubeaudit all -f [deployment.yaml]
Run specific auditor
kubeaudit [privileged] -f [manifest.yaml]
Audit in cluster
kubeaudit all -c [cluster]
Output as JSON
kubeaudit all -f [manifest.yaml] -p json
Audit specific namespace
kubeaudit all -n [namespace]
Autofix a manifest file
kubeaudit autofix -f [manifest.yaml]
说明
kubeaudit audits Kubernetes clusters and manifests for security vulnerabilities. It checks configurations against security best practices. The tool can audit running clusters, local manifests, or both, providing actionable findings for improving cluster security.
参数
- all
- Run all auditors.
- -f _file_
- Audit manifest file.
- -d _dir_
- Audit directory of manifests.
- -c, --context _name_
- Kubernetes context.
- -n, --namespace _name_
- Target namespace.
- -p, --format _format_
- Output format: logrus, json, sarif.
- --kubeconfig _path_
- Path to kubeconfig file.
- --minSeverity _level_
- Minimum severity to report (error, warning, info).
FAQ
What is the kubeaudit command used for?
kubeaudit audits Kubernetes clusters and manifests for security vulnerabilities. It checks configurations against security best practices. The tool can audit running clusters, local manifests, or both, providing actionable findings for improving cluster security.
How do I run a basic kubeaudit example?
Run `kubeaudit all` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does all do in kubeaudit?
Run all auditors.