prowler-kubernetes
Audit Kubernetes cluster security
TLDR
Run the default checks using the default kubeconfig location
Specify a custom kubeconfig file for scanning
Specify a specific Kubernetes context to scan
Scan specific namespaces only
Run checks for selected Kubernetes services
Run a specific Kubernetes check
Exclude specific checks or services
SYNOPSIS
prowler kubernetes [--kubeconfig-file <path>] [--context <name>] [--namespace <ns> ...] [--checks <check_id> ...] [--services <service> ...] [--excluded-checks <check_id> ...] [--excluded-services <service> ...] [--output-modes <mode> ...] [--output-filename <name>] [--output-directory <dir>]
PARAMETERS
kubernetes (positional provider argument)
Selects the Kubernetes provider. Prowler takes the target platform as its first positional argument (prowler kubernetes, prowler aws, prowler azure, prowler gcp); there is no --cloud-provider option. Managed control planes are audited through their own cloud provider instead, for example prowler aws --services eks, prowler azure --services aks or prowler gcp --services gke, using that cloud's API and credentials.
--kubeconfig-file <path>
Path to the kubeconfig used to reach the cluster's API server. When omitted, the standard location is used ($KUBECONFIG, then ~/.kube/config). This is the route for self-managed clusters and for the in-cluster view (workloads, RBAC objects, network policies) of managed clusters, which the cloud API does not expose.
--context <name>
Kubeconfig context to use when the file holds several clusters. Defaults to current-context; confirm it before scanning so that findings are attributed to the cluster you meant to audit.
--namespace <ns> ...
Restricts namespaced checks to the listed namespaces (space-separated). The default is every namespace the identity is allowed to list. Cluster-scoped resources such as nodes, ClusterRoles and control-plane component settings are assessed regardless of this option.
--checks <check_id> ...
Runs only the listed check IDs. Like every list-valued Prowler option, values are separated by spaces, not commas. Use --list-checks to obtain the valid IDs for this provider.
--services <service> ...
Runs every check that belongs to the listed Kubernetes services, such as apiserver, etcd, kubelet, scheduler, controllermanager, rbac and core.
--excluded-checks <check_id> ... / --excluded-services <service> ...
The inverse of the two options above: run everything except the listed checks or services. Useful for skipping checks that a platform team has consciously accepted, but record the justification alongside the exclusion.
--output-modes <mode> ...
Output format(s) for the report, space-separated. csv, json-ocsf and html are available, and several can be produced in a single run.
--output-filename <name>
Base name for the report files; each selected output mode appends its own extension. --output-directory <dir> sets the directory they are written to.
--list-checks
Lists every check Prowler can run for the selected provider, with ID and title, and exits without scanning.
--verbose
Displays detailed information about each finding as checks run rather than only the per-service summary, which helps when working out why a particular check passes or fails.
DESCRIPTION
Prowler is an open-source security assessment tool for cloud and Kubernetes environments. Run with the kubernetes provider (what this page calls prowler-kubernetes), it evaluates a cluster against security best practices and the CIS Kubernetes Benchmark: the command-line configuration of the API server, etcd, kubelet, scheduler and controller manager; RBAC roles and bindings; network policies; pod security settings such as privileged containers and shared host namespaces; and how secrets are handled. Managed control planes (Amazon EKS, Azure AKS, Google GKE) are covered through the corresponding cloud provider's API. Each finding carries a PASS or FAIL status, a severity and remediation guidance, and reports can be written in several formats, which makes Prowler suitable for scheduled posture checks, CI gates and compliance evidence.
CAVEATS
prowler-kubernetes is not an executable shipped by the Prowler project. It stands for running the prowler command with the kubernetes provider selected and the Kubernetes-specific options described above.
In practice you run prowler with a provider argument, either a cloud provider (aws, azure, gcp) for managed control planes or kubernetes with a kubeconfig for direct cluster access, and narrow the run with service filters or check IDs. Direct access needs an identity with get and list permission on the resources the checks inspect; prefer a dedicated read-only ServiceAccount or user over an admin kubeconfig, because the scanner's credentials are exposed wherever it runs. Cloud-API checks need read-only IAM permissions on the EKS, AKS or GKE APIs.
HOW PROWLER ASSESSES KUBERNETES
Prowler reaches a cluster in one of two ways. Through a cloud provider's API it inspects the managed control-plane configuration of EKS, AKS or GKE clusters, such as API endpoint exposure, control-plane logging and secrets encryption. Through a kubeconfig it talks to the Kubernetes API server directly and lists the objects its checks need: the control-plane pods in kube-system for component command-line flags, Roles, ClusterRoles and their bindings, NetworkPolicies, pod specifications for Pod Security Standards, and the way secrets are mounted or exposed. Each check evaluates one kind of resource and emits a PASS or FAIL finding with an explanation, mapped to frameworks such as the CIS Kubernetes Benchmark. The two routes see different things: a cloud-API scan does not see workloads or RBAC inside the cluster, and a kubeconfig scan does not see cloud-side settings, so a managed cluster needs both to be covered fully.
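The kubeconfig route is easiest to see as code. The following Python model is written for this page and is not Prowler's implementation: it resolves a context to an API server the way --context does, applies --namespace, --checks and --excluded-checks style scoping, and runs two pod-level checks that emit PASS/FAIL findings. The kubeconfig, the pod objects and the check IDs beginning with example_ are all constructed for illustration; they are not real Prowler check IDs, and the real tool fetches the objects from the API server rather than from a literal.

```python
"""Toy model of a kubeconfig-driven Kubernetes audit in the style of Prowler:
resolve the context, scope by namespace and check ID, emit PASS/FAIL findings.
Written for this page; it is not Prowler's implementation."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

# Constructed kubeconfig in the structure kubectl reads; no real cluster behind it.
SAMPLE_KUBECONFIG = {
    "current-context": "prod-admin",
    "contexts": [
        {"name": "prod-admin", "context": {"cluster": "prod", "user": "admin", "namespace": "payments"}},
        {"name": "lab", "context": {"cluster": "lab", "user": "dev"}},
    ],
    "clusters": [
        {"name": "prod", "cluster": {"server": "https://10.0.0.10:6443", "certificate-authority-data": "LS0t"}},
        {"name": "lab", "cluster": {"server": "https://lab.internal:6443", "insecure-skip-tls-verify": True}},
    ],
    "users": [{"name": "admin", "user": {"client-certificate-data": "LS0t"}},
              {"name": "dev", "user": {"token": "redacted"}}],
}

# Constructed pod objects, trimmed to the fields the checks read.
SAMPLE_PODS = [
    {"metadata": {"name": "api", "namespace": "payments"},
     "spec": {"containers": [{"name": "api", "securityContext": {"privileged": False}}]}},
    {"metadata": {"name": "node-agent", "namespace": "kube-system"},
     "spec": {"hostPID": True, "hostNetwork": True,
              "containers": [{"name": "agent", "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "worker", "namespace": "payments"},
     "spec": {"containers": [{"name": "main"},
                             {"name": "sidecar", "securityContext": {"privileged": True}}]}},
]


@dataclass
class Target:
    context: str
    server: str
    default_namespace: str | None
    insecure_tls: bool


def resolve_context(kubeconfig: dict, context_name: str | None = None) -> Target:
    """What --context does: pick a context (default current-context) and join it to
    its cluster. An unknown name is an error, never a silent fallback, so a typo
    cannot end up auditing the wrong cluster."""
    name = context_name or kubeconfig.get("current-context")
    ctx = next((c["context"] for c in kubeconfig["contexts"] if c["name"] == name), None)
    if ctx is None:
        raise ValueError(f"context {name!r} not found in kubeconfig")
    cluster = next(c["cluster"] for c in kubeconfig["clusters"] if c["name"] == ctx["cluster"])
    return Target(context=name, server=cluster["server"],
                  default_namespace=ctx.get("namespace"),
                  # A scanner that skips server certificate checks can be fed a
                  # forged API server; surface this before running any check.
                  insecure_tls=bool(cluster.get("insecure-skip-tls-verify", False)))


@dataclass
class Finding:
    check_id: str
    status: str  # "PASS" or "FAIL", the statuses Prowler reports
    namespace: str
    resource: str
    status_extended: str


def check_privileged_containers(pod: dict) -> Finding:
    """FAIL if any container sets securityContext.privileged: true."""
    meta, cid = pod["metadata"], "example_pod_privileged_containers"  # hypothetical check ID
    bad = [c["name"] for c in pod["spec"].get("containers", [])
           if c.get("securityContext", {}).get("privileged", False)]
    if bad:
        return Finding(cid, "FAIL", meta["namespace"], meta["name"],
                       f"Privileged container(s): {', '.join(bad)}.")
    return Finding(cid, "PASS", meta["namespace"], meta["name"], "No privileged containers.")


def check_host_namespaces(pod: dict) -> Finding:
    """FAIL if the pod shares the node's PID, IPC or network namespace."""
    meta, cid = pod["metadata"], "example_pod_host_namespaces"  # hypothetical check ID
    shared = [k for k in ("hostPID", "hostIPC", "hostNetwork") if pod["spec"].get(k)]
    if shared:
        return Finding(cid, "FAIL", meta["namespace"], meta["name"],
                       f"Shares host namespace(s): {', '.join(shared)}.")
    return Finding(cid, "PASS", meta["namespace"], meta["name"], "No host namespaces shared.")


CHECKS: dict[str, Callable[[dict], Finding]] = {
    "example_pod_privileged_containers": check_privileged_containers,
    "example_pod_host_namespaces": check_host_namespaces,
}


def run_checks(pods: list[dict], namespaces: list[str] | None = None,
               checks: list[str] | None = None, excluded_checks: tuple[str, ...] = ()) -> list[Finding]:
    """Apply the CLI's scoping: --namespace, --checks (default: all), --excluded-checks."""
    selected = [cid for cid in (checks or list(CHECKS)) if cid not in set(excluded_checks)]
    unknown = set(selected) - set(CHECKS)
    if unknown:
        raise ValueError(f"unknown check id(s): {sorted(unknown)}")
    scoped = [p for p in pods if not namespaces or p["metadata"]["namespace"] in namespaces]
    return [CHECKS[cid](p) for cid in selected for p in scoped]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"PASS": 0, "FAIL": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


if __name__ == "__main__":
    target = resolve_context(SAMPLE_KUBECONFIG)  # no --context given: use current-context
    print(f"auditing {target.server} via context {target.context}")
    if target.insecure_tls:
        print("WARNING: kubeconfig disables TLS verification for this cluster")
    findings = run_checks(SAMPLE_PODS, namespaces=["payments"])  # like --namespace payments
    for f in findings:
        print(f"{f.status:4} {f.check_id:<34} {f.namespace}/{f.resource}: {f.status_extended}")
    print(summarize(findings))
```

Run as a script it prints the scoped findings for the payments namespace. Selecting the lab context instead would trip the warning, because that cluster entry sets insecure-skip-tls-verify; a kubeconfig setting like that should stop a scan rather than be accepted quietly.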
HISTORY
Prowler was created by Toni de la Fuente as an AWS security assessment tool. It later grew to cover Azure and GCP and a much wider range of services. Kubernetes checks were added as container orchestration became common and clusters needed dedicated auditing: first through the cloud providers' managed services (EKS, AKS, GKE), then through direct access to the Kubernetes API for cloud-native and containerized workloads. There has never been a separate prowler-kubernetes command; the name describes this line of work within the single prowler tool.