In this article, we show how to add a security check for your Kubernetes manifests to a GitHub Actions workflow using the Mondoo GitHub Action. The action scans the manifests in a repository for misconfigurations and compliance issues before they are applied to a cluster, which makes it a simple and effective way to harden Kubernetes workloads.
As organizations adopt Kubernetes for container orchestration, the security and stability of deployments has become paramount. Integrating security and compliance checks directly into the CI/CD pipeline is an effective way to achieve this, and GitHub Actions, a widely used CI/CD tool, is a convenient place to automate them. In this post, we look at the benefits of scanning Kubernetes manifests within a GitHub Action.
By incorporating manifest scans into your GitHub Actions workflow, every change is checked for misconfigurations and compliance issues at the moment it is pushed, so problems are caught before they reach production.
Automation is a key advantage: scans run consistently on every push, without relying on anyone remembering to run them by hand.
GitHub Actions integrates with existing DevOps practices, so teams can add the security check without significant changes to their processes.
Running scans within GitHub Actions gives visibility into the security posture of the manifests and leaves an audit trail in the workflow logs, which makes it easier to track when an issue was introduced and when it was fixed.
GitHub Actions is flexible and extensible: you can use pre-built actions or write your own to customize the scanning process to your requirements.
For organizations already using GitHub for version control and CI/CD, running the scan there is usually cheaper than operating a separate scanning system.
Mondoo provides a GitHub Action that scans Kubernetes manifests for misconfigurations and compliance issues, so the check can be added to a CI/CD pipeline with a few lines of workflow YAML:
name: Mondoo Manifest Check
on:
  push: {}
jobs:
  manifest-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Manifest Check
        uses: mondoohq/actions/k8s-manifest@main
        with:
          path: k8s/manifests
        env:
          MONDOO_CONFIG_BASE64: '${{ secrets.MONDOO_SERVICE_ACCOUNT }}'
In this example, we define a GitHub Actions workflow with a single job that checks out the repository and scans the Kubernetes manifests in the k8s/manifests directory. The push: {} trigger runs the workflow on every push to every branch. The action authenticates to the Mondoo platform with the MONDOO_SERVICE_ACCOUNT secret, which must hold the base64-encoded credentials of a Mondoo service account; the action reads it from the MONDOO_CONFIG_BASE64 environment variable. Two things are worth adjusting for production use: reference the action by a release tag or commit SHA instead of @main, so that an upstream change cannot silently alter what runs in your pipeline, and restrict the workflow's GITHUB_TOKEN with a permissions block, since the scan only needs to read the repository contents.
On the Mondoo side, you create the service account in the Mondoo Console; the steps are described in the Mondoo documentation.
Let's use the following Deployment manifest, saved under k8s/manifests, to exercise the scan:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: whoami
  name: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - image: containous/whoami
          args: [ "-port", "8080" ]
          imagePullPolicy: Always
          name: whoami
          ports:
            - containerPort: 8080
              protocol: TCP
      restartPolicy: Always
Once this manifest is pushed to the repository, the Mondoo GitHub Action scans it for misconfigurations and compliance issues, and the detailed results appear in the GitHub Actions logs, where you can identify and remediate each finding. Expect findings on this particular manifest: it references an untagged image (which resolves to latest), sets no securityContext, and declares no resource requests or limits, which are exactly the kind of gaps a Kubernetes best-practice policy reports.
The same results are also shown in the Mondoo Console.
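To make concrete what a manifest policy is looking for, here is a small stand-alone checker, added as an example for this post: it is neither Mondoo's policy engine nor the Mondoo GitHub Action, and its check names are invented. It runs a few typical controls over the whoami Deployment above and over a hardened copy of it, and it goes beyond the post by also accepting Pod, StatefulSet, DaemonSet and Job manifests. The image tag and the resource values in the hardened copy are placeholders.

```python
"""Toy manifest checker, added here as an example: it is neither Mondoo's
policy engine nor the post's own code, and the check names are made up.
It runs a few hand-written controls over the post's whoami Deployment
(transcribed as a dict so only the standard library is needed) and over a
hardened copy that fixes every finding, and also accepts Pod, StatefulSet,
DaemonSet and Job manifests, which the post does not show."""
import copy
import re

# The post's Deployment, transcribed as a dict (constructed for this example).
WHOAMI_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "whoami", "labels": {"app": "whoami"}},
    "spec": {
        "replicas": 1, "selector": {"matchLabels": {"app": "whoami"}},
        "template": {
            "metadata": {"labels": {"app": "whoami"}},
            "spec": {"restartPolicy": "Always", "containers": [{
                "name": "whoami", "image": "containous/whoami",
                "args": ["-port", "8080"], "imagePullPolicy": "Always",
                "ports": [{"containerPort": 8080, "protocol": "TCP"}],
            }]},
        },
    },
}

# Hardened copy: pinned image, non-root, no privilege escalation, read-only root
# filesystem, all capabilities dropped, CPU/memory limits. The tag and the
# resource values are placeholders; in production pin to an image digest.
HARDENED_DEPLOYMENT = copy.deepcopy(WHOAMI_DEPLOYMENT)
_c = HARDENED_DEPLOYMENT["spec"]["template"]["spec"]["containers"][0]
_c["image"] = "containous/whoami:v1.5.0"
_c["securityContext"] = {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
                         "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}
_c["resources"] = {"limits": {"cpu": "100m", "memory": "64Mi"},
                   "requests": {"cpu": "50m", "memory": "32Mi"}}


def image_is_pinned(image):
    """True if the reference carries a sha256 digest or a tag other than latest."""
    name, _, digest = image.partition("@")
    if digest:
        return re.fullmatch(r"sha256:[0-9a-f]{64}", digest) is not None
    # The tag is what follows the last ':' only if that ':' comes after the last
    # '/'; otherwise the ':' belongs to a registry port (registry:5000/img).
    slash, colon = name.rfind("/"), name.rfind(":")
    return colon > slash and name[colon + 1:] not in ("", "latest")


def _pod_spec(manifest):
    """Locate the PodSpec inside a bare Pod or a workload controller manifest."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
        return manifest["spec"]["template"]["spec"]
    raise ValueError(f"unsupported kind: {kind}")


def _sctx(pod_spec, container, key):
    """Container securityContext value, falling back to the pod-level one
    (the fallback only matters for keys that exist at both levels, e.g. runAsNonRoot)."""
    c_sc = container.get("securityContext") or {}
    return c_sc.get(key, (pod_spec.get("securityContext") or {}).get(key))


# check name -> predicate(pod_spec, container); a False result is a finding.
CHECKS = {
    "image-pinned": lambda ps, c: image_is_pinned(c.get("image", "")),
    "run-as-non-root": lambda ps, c: _sctx(ps, c, "runAsNonRoot") is True,
    "no-privilege-escalation": lambda ps, c:
        _sctx(ps, c, "allowPrivilegeEscalation") is False,
    "read-only-root-fs": lambda ps, c: _sctx(ps, c, "readOnlyRootFilesystem") is True,
    "drop-all-capabilities": lambda ps, c:
        "ALL" in ((_sctx(ps, c, "capabilities") or {}).get("drop") or []),
    "cpu-and-memory-limits": lambda ps, c:
        {"cpu", "memory"} <= set((c.get("resources") or {}).get("limits") or {}),
}


def scan_manifest(manifest):
    """Return {container name: [failed check names]} for every (init)container."""
    pod_spec = _pod_spec(manifest)
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    return {c["name"]: [n for n, ok in CHECKS.items() if not ok(pod_spec, c)]
            for c in containers}


def exit_code(findings):
    """Non-zero when any container has a finding, so a CI step can fail on it."""
    return 1 if any(findings.values()) else 0


if __name__ == "__main__":
    for label, m in (("original", WHOAMI_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        f = scan_manifest(m)
        print(f"{label}: {f} (exit {exit_code(f)})")
```

Run with python3: the original Deployment fails all six checks and the hardened copy passes. The exit_code value is what you would return from a CI step so that a push with findings fails the workflow, and the image_is_pinned helper shows the edge case that trips naive tag parsing, a registry with a port such as registry.example:5000/app/whoami, which has a colon but no tag.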
Are you interested in our courses, or do you simply have a question that needs answering? You can contact us at any time, and we will do our best to answer all your questions.