This project contains configurations and workflows for managing infrastructure using code. It includes security checks and auto-remediation for Azure Kubernetes Service (AKS).
- Azure Kubernetes Security & Auto-Remediation: A GitHub Actions workflow that performs security checks on AKS clusters and triggers auto-remediation for policy compliance.
-
Clone the repository:
git clone https://github.com/yourusername/iac.git cd iac -
Configure Secrets:
- Add
AZURE_CREDENTIALSto your GitHub repository secrets. - Add
AZURE_SUBSCRIPTION_IDto your GitHub repository secrets.
- Add
The GitHub Actions workflow is triggered on push and pull request events to the main branch. It performs the following steps:
- Checkout Code: Checks out the repository code.
- Login to Azure: Authenticates to Azure using the provided credentials.
- Run kube-bench for CIS Compliance: Runs kube-bench to check for CIS compliance.
- Run kubesec for YAML Security: Scans Kubernetes YAML files for security issues.
- Check Azure Security Center Alerts: Lists security alerts from Azure Security Center.
- Trigger Auto-Remediation: Creates a remediation task for non-compliant AKS clusters.
For more details, refer to the workflow file.
Feel free to open issues or submit pull requests for any improvements or bug fixes.
This project is licensed under the MIT License.