Kubernetes Admission Controller


Integrating with your Kubernetes workflow enables Bridgecrew to deploy a Kubernetes Admission Controller and scan your Kubernetes manifest file for compliance with a defined set of security checks. Deployments that fail these checks are blocked by the Admission Controller. Details of these failures appear on the Projects Page.

How to Integrate

  1. From the Integrations Catalog, under CI/CD, select Kubernetes Admission Controller.
  1. Enter a name for your token and add a description (optional), then select Create. Tokens are specific per user and enforce the role and permission assigned to that user within the organization.
  1. Copy and save the API Token, then select Next. (The Token will not be available later.)
  1. Add the Kubernetes Cluster name and then select Next.
    The cluster name will appear in the platform as a "repository" and is used to identify scans conducted by the admission controller.
  1. Copy the code shown into the Kubernetes CLI.
curl –o setup.sh https://raw.githubusercontent.com/bridgecrewio/checkov/master/admissioncontroller/setup.sh
        chmod +x ./setup.sh
        ./setup.sh Main d10fa509-16ef-4fdc-a431-d2f1b1847183
  1. Run setup.sh to generate the secrets, certs, namespace (if required), and deployment for your cluster. This will also deploy the new resources to your cluster.

The Kubernetes Admission Controller will scan the next deployment.