eks-best-practices-cli
This is not an officially supported AWS product.
Runs checks to see if an EKS cluster follows EKS Best Practices.
Quick Start:
python3 -m venv /tmp/.venv
source /tmp/.venv/bin/activate
pip install eks-best-practices-cli
Configuration File:
You must provide a configuration file. It selects which checks to run and which namespaces the checks skip. A sample config file follows.
[namespaces]
ignored = [
"kube-node-lease",
"kube-public",
"kube-system",
"kube-apiserver"
]
[rules]
run = [
"disable_anonymous_access_for_cluster_roles",
"disable_anonymous_access_for_roles",
"restrict_wildcard_for_roles",
"restrict_wildcard_for_cluster_roles",
"check_endpoint_public_access",
"check_aws_node_daemonset_service_account",
"check_access_to_instance_profile",
"disable_service_account_token_mounts",
"disable_run_as_root_user",
"use_dedicated_service_accounts_for_each_deployment",
"use_dedicated_service_accounts_for_each_stateful_set",
"use_dedicated_service_accounts_for_each_daemon_set",
"disallow_container_socket_mount",
"disallow_host_path_or_make_it_read_only",
"set_requests_limits_for_containers",
"disallow_privilege_escalation",
"check_read_only_root_file_system",
"check_logs_are_enabled",
"print_aws_auth_config_map_updates",
"print_creation_or_changes_to_validation_webhooks",
"print_create_update_delete_to_roles",
"print_create_update_delete_to_cluster_role_bindings",
"print_create_update_delete_to_cluster_roles",
"print_create_update_delete_to_role_bindings",
"print_failed_anonymous_requests",
"check_default_deny_policy_exists",
"ensure_namespace_quotas_exist",
"check_vpc_flow_logs",
"use_encryption_with_aws_load_balancers"
]
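Because the `run` list decides which checks execute and `ignored` decides which namespaces are skipped, it helps to review what a given config leaves out. The following is an added example, not code from eks-best-practices-cli: it compares a config against the rule names in the sample above. It assumes the file follows the sample's layout and that `#` starts a comment; `parse_config`, `audit` and the constructed config are hypothetical.

```python
import re
# The 29 rule names and 4 ignored namespaces from the sample config above.
KNOWN_RULES = set("""
disable_anonymous_access_for_cluster_roles disable_anonymous_access_for_roles
restrict_wildcard_for_roles restrict_wildcard_for_cluster_roles check_endpoint_public_access
check_aws_node_daemonset_service_account check_access_to_instance_profile
disable_service_account_token_mounts disable_run_as_root_user check_logs_are_enabled
use_dedicated_service_accounts_for_each_deployment disallow_container_socket_mount
use_dedicated_service_accounts_for_each_stateful_set disallow_privilege_escalation
use_dedicated_service_accounts_for_each_daemon_set check_read_only_root_file_system
disallow_host_path_or_make_it_read_only set_requests_limits_for_containers
print_aws_auth_config_map_updates print_creation_or_changes_to_validation_webhooks
print_create_update_delete_to_roles print_create_update_delete_to_cluster_role_bindings
print_create_update_delete_to_cluster_roles print_create_update_delete_to_role_bindings
print_failed_anonymous_requests check_default_deny_policy_exists
ensure_namespace_quotas_exist check_vpc_flow_logs use_encryption_with_aws_load_balancers
""".split())
SAMPLE_IGNORED = {"kube-node-lease", "kube-public", "kube-system", "kube-apiserver"}

def parse_config(text):
    """Parse the sample's layout: [section] headers and key = ["a", ...] lists."""
    text = re.sub(r"#.*", "", text)  # assumption: '#' starts a comment
    config, section = {}, None
    for m in re.finditer(r'^\s*\[(\w+)\]\s*$|^\s*(\w+)\s*=\s*\[(.*?)\]', text, re.M | re.S):
        if m.group(1):
            section = m.group(1)
        else:
            config[(section, m.group(2))] = re.findall(r'"([^"]*)"', m.group(3))
    return config

def audit(text):
    """Report disabled checks, unknown rule names and extra skipped namespaces."""
    cfg = parse_config(text)
    run = set(cfg.get(("rules", "run"), []))
    ignored = set(cfg.get(("namespaces", "ignored"), []))
    return {"disabled_rules": sorted(KNOWN_RULES - run),
            "unrecognized_rules": sorted(run - KNOWN_RULES),
            "extra_ignored_namespaces": sorted(ignored - SAMPLE_IGNORED)}

# Constructed config: one check commented out, one misspelled, one extra namespace.
CONSTRUCTED = '''[namespaces]
ignored = ["kube-system", "payments"]
[rules]
run = [
"disallow_privilege_escalation",
# "check_endpoint_public_access",
"check_vpc_flow_log"
]'''
print(audit(CONSTRUCTED))
```

A name under `unrecognized_rules` only means it is not in the sample list above; how the CLI itself treats such a name is not stated on this page.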
Usage:
eks-best-practices-cli [OPTIONS]
Options:
--region TEXT: AWS Region [required]
--context TEXT: Kubernetes context [required]
--config-path PATH: Path to the config file [required]
--help: Show this message and exit.
You can get the current Kubernetes context by running:
kubectl config current-context
As an example:
check-eks-best-practices --region us-east-1 --context arn:aws:eks:us-east-1:some-account-id:cluster/some-cluster-name --config-path /path/to/config.ini
For Developers
Prerequisites:
- This CLI uses poetry. Follow the poetry installation instructions to install it.
Installation:
git clone git@github.com:dorukozturk/eks-best-practices-cli.git
cd eks-best-practices-cli
poetry install
Running Tests:
poetry shell
pytest --cov=eks_best_practices_cli tests/
File details
Details for the file eks-best-practices-cli-0.1.1.tar.gz.
File metadata
- Download URL: eks-best-practices-cli-0.1.1.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.0 CPython/3.10.6 Darwin/20.6.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 1c4086ec7de01378a712128f24e2973ceb3747c15f704f92c22d20ef57bb5b81
MD5 | 57fc023fffd53c3f84b9477b5b4baa7f
BLAKE2b-256 | f59ab9943224d4ab15776fa107712f390dcb8d15cbb98c8d570d6fb02973980f
File details
Details for the file eks_best_practices_cli-0.1.1-py3-none-any.whl.
File metadata
- Download URL: eks_best_practices_cli-0.1.1-py3-none-any.whl
- Upload date:
- Size: 16.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.0 CPython/3.10.6 Darwin/20.6.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | a89aa63ac62a79287dcf528c9fc287ba7a907fd55b31b3f7602e86b07cec6f46
MD5 | 182db73f7598086790a0344621f90e2f
BLAKE2b-256 | eddcd2ea2f20904aad024647df5943264dcf81125c251b261bcb8355029273aa