aws-eks (experimental)
nctl scan aws-eks
Scan Command
Scan EKS clusters
nctl scan aws eks <path to eks config>
To scan an EKS cluster, use the --eks-config flag followed by the path to the EKS config YAML file, which contains the name and region of the EKS cluster.
Scan Options
Flag | Shorthand | Description |
---|---|---|
--cluster | | scan resources across the whole cluster (default value false) |
--audit-as-warn | | report violations from policies in audit mode as warnings instead of failures |
--help | -h | help for kubernetes command |
--eks-config <string> | | path to the config YAML file with the name and region of the EKS cluster (experimental) |
--details | | show details of a scan, including violating resources and violated policies |
--file <string> | | name of the file in which to store the scan result |
--kube-context <string> | | kube context to use from the configured kubeconfig. Default is the current or sole context |
--kubeconfig <string> | | path to the kubeconfig file (defaults to $HOME/.kube/kubeconfig) |
--namespace <string> | -n | scan only specific namespaces in the cluster. Accepts a comma-separated list of namespaces |
--output <string> | -o | output format of the scan result. Available options are json, text, yaml and sarif, with text as the default |
--policies <strings> | -p | path to policy files (local path, GitHub URL, Helm URL) to scan against custom policies |
--policy-sets <string> | | comma-separated list of policy sets to scan the resources against in one command (pss-baseline, pss-restricted, rbac-best-practices) |
--policy-view | | use together with the --details flag to see which policy was violated in the detailed scan results |
--resources <strings> | -r | path to resource files (local path, GitHub URL). Scans specific resource files instead of all resources in a cluster. When combined with the --policies flag, this command can be used in a CI pipeline to check for misconfigurations in Kubernetes manifests |
--values-file <string> | | file path from which to extract values of policy variables |