For in-cluster execution, use the supplied YAML files inside /kubernetes. They run Prowler as a job within a new Prowler namespace:
kubectl apply -f kubernetes/prowler-sa.yaml
kubectl apply -f kubernetes/job.yaml
kubectl apply -f kubernetes/prowler-role.yaml
kubectl apply -f kubernetes/prowler-rolebinding.yaml
kubectl get pods --namespace prowler-ns   # note the pod name, e.g. prowler-XXXXX
kubectl logs prowler-XXXXX --namespace prowler-ns
By default, Prowler scans all namespaces in your active Kubernetes context. Use the --namespace flag to specify the namespace(s) to be scanned.
Identifying the cluster in reports

When running in in-cluster mode, the Kubernetes API does not expose the actual cluster name by default. To uniquely identify the cluster in logs and reports, you can:
  • Use the --cluster-name flag to manually set the cluster name:
prowler -p kubernetes --cluster-name production-cluster
  • Or set the CLUSTER_NAME environment variable:
env:
    - name: CLUSTER_NAME
      value: production-cluster
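
Where the env fragment above sits in a Job spec, as an added example that is not the project's own kubernetes/job.yaml. The Job name, service account name, image placeholder, container command and the scanned namespace "payments" are assumptions; replace them with the values from the supplied manifests.

```yaml
# Added example: placement of CLUSTER_NAME inside an in-cluster scan Job.
# Not the project's kubernetes/job.yaml; names marked "assumed" are illustrative.
apiVersion: batch/v1
kind: Job
metadata:
  name: prowler                        # assumed; matches the prowler-XXXXX pod prefix
  namespace: prowler-ns
spec:
  backoffLimit: 0                      # a failed scan is not retried automatically
  template:
    spec:
      serviceAccountName: prowler-sa   # assumed name of the account from prowler-sa.yaml
      restartPolicy: Never
      containers:
        - name: prowler
          image: REPLACE_WITH_PROWLER_IMAGE   # placeholder, take it from job.yaml
          command: ["prowler"]                # assumed entrypoint
          # "payments" is a constructed namespace; drop --namespace to scan all.
          args: ["-p", "kubernetes", "--namespace", "payments"]
          env:
            # Used instead of --cluster-name so every report from this Job
            # carries the same cluster identifier.
            - name: CLUSTER_NAME
              value: production-cluster
```

Give each cluster a distinct CLUSTER_NAME value so findings from several clusters can be told apart when the reports are aggregated.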