No project description provided
Project description
eks-best-practices-cli
This is not an officially supported AWS product.
Runs checks to see if an EKS cluster follows EKS Best Practices.
Quick Start:
python3 -m venv /tmp/.venv
source /tmp/.venv/bin/activate
pip install eks-best-practices-cli
Configuration File:
There is a configuration file that you have to provide which allows customization of which checks to run as well as namespaces to be skipped by the checks. Following is a sample config file.
[namespaces]
ignored = [
"kube-node-lease",
"kube-public",
"kube-system",
"kube-apiserver"
]
[rules]
run = [
"disable_anonymous_access_for_cluster_roles",
"disable_anonymous_access_for_roles",
"restrict_wildcard_for_roles",
"restrict_wildcard_for_cluster_roles",
"check_endpoint_public_access",
"check_aws_node_daemonset_service_account",
"check_access_to_instance_profile",
"disable_service_account_token_mounts",
"disable_run_as_root_user",
"use_dedicated_service_accounts_for_each_deployment",
"use_dedicated_service_accounts_for_each_stateful_set",
"use_dedicated_service_accounts_for_each_daemon_set",
"disallow_container_socket_mount",
"disallow_host_path_or_make_it_read_only",
"set_requests_limits_for_containers",
"disallow_privilege_escalation",
"check_read_only_root_file_system",
"check_logs_are_enabled",
"print_aws_auth_config_map_updates",
"print_creation_or_changes_to_validation_webhooks",
"print_create_update_delete_to_roles",
"print_create_update_delete_to_cluster_role_bindings",
"print_create_update_delete_to_cluster_roles",
"print_create_update_delete_to_role_bindings",
"print_failed_anonymous_requests",
"check_default_deny_policy_exists",
"ensure_namespace_quotas_exist",
"check_vpc_flow_logs",
"use_encryption_with_aws_load_balancers"
]
Usage:
eks-best-practices-cli [OPTIONS]
Options:
--region TEXT: AWS Region [required]--context TEXT: Kubernetes context [required]--config-path PATH: Path to the config file [required]--help: Show this message and exit.
You can get the current kubernetes context by running:
kubectl config current-context
As an example:
check-eks-best-practices --region us-east-1 --context arn:aws:eks:us-east-1:some-account-id:cluster/some-cluster-name --config-path /path/to/config.ini
For Developers
Prerequisites:
- This cli uses poetry. Follow instructions that are outlined here to install poetry.
Installation:
git clone git@github.com:dorukozturk/eks-best-practices-cli.git
cd eks-best-practices-cli
poetry install
Running Tests:
poetry shell
pytest --cov=eks_best_practices_cli tests/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for eks-best-practices-cli-0.1.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c4086ec7de01378a712128f24e2973ceb3747c15f704f92c22d20ef57bb5b81 |
|
| MD5 | 57fc023fffd53c3f84b9477b5b4baa7f |
|
| BLAKE2b-256 | f59ab9943224d4ab15776fa107712f390dcb8d15cbb98c8d570d6fb02973980f |
Close
Hashes for eks_best_practices_cli-0.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a89aa63ac62a79287dcf528c9fc287ba7a907fd55b31b3f7602e86b07cec6f46 |
|
| MD5 | 182db73f7598086790a0344621f90e2f |
|
| BLAKE2b-256 | eddcd2ea2f20904aad024647df5943264dcf81125c251b261bcb8355029273aa |
