In-Cluster Execution
For in-cluster execution, you can use the supplied YAML files inside /kubernetes. They can be used to run Prowler as a job within a new Prowler namespace:
kubectl apply -f kubernetes/prowler-sa.yaml
kubectl apply -f kubernetes/job.yaml
kubectl apply -f kubernetes/prowler-role.yaml
kubectl apply -f kubernetes/prowler-rolebinding.yaml
kubectl get pods --namespace prowler-ns   # note the pod name, e.g. prowler-XXXXX
kubectl logs prowler-XXXXX --namespace prowler-ns
Note
By default, prowler will scan all namespaces in your active Kubernetes context. Use the --namespace flag to specify the namespace(s) to be scanned.
Identifying the cluster in reports
When running in in-cluster mode, the Kubernetes API does not expose the actual cluster name by default.
To uniquely identify the cluster in logs and reports, you can:
- Use the --cluster-name flag to manually set the cluster name.
- Or set the CLUSTER_NAME environment variable.
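
One way the CLUSTER_NAME variable and the --namespace flag could be set in a Job manifest. This is an added example, not the contents of kubernetes/job.yaml. The job name, service account name, image placeholder, cluster name, scanned namespaces and the assumption that the image's entrypoint is prowler are all illustrative.

```yaml
# Added example: illustrative Job manifest, not the project's kubernetes/job.yaml.
apiVersion: batch/v1
kind: Job
metadata:
  name: prowler                  # assumed job name
  namespace: prowler-ns          # namespace used by the commands on this page
spec:
  backoffLimit: 0                # do not re-run the scan automatically on failure
  template:
    spec:
      # Assumed name; it must match the service account created by
      # kubernetes/prowler-sa.yaml and bound by prowler-rolebinding.yaml.
      serviceAccountName: prowler-sa
      restartPolicy: Never
      containers:
        - name: prowler
          image: "PROWLER_IMAGE_PLACEHOLDER"   # placeholder, use the image from job.yaml
          env:
            # The in-cluster API does not expose the cluster name, so set it
            # here to make reports from different clusters distinguishable.
            - name: CLUSTER_NAME
              value: "production-cluster"      # constructed sample value
          # Assumes the image entrypoint is the prowler binary.
          # --namespace limits the scan; without it all namespaces are scanned.
          # team-a and team-b are constructed sample namespaces.
          args:
            - kubernetes
            - --namespace
            - team-a
            - team-b
          # Alternative to the env entry above: append
          #   --cluster-name production-cluster
          # to args instead of setting CLUSTER_NAME.
```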