Merge pull request #193 from maxbischoff/patch-1

Changed 1.1.14 to not fail when flag is not set
5 years ago · 2eef3e8ad2
parent f6cab11357 791fbba9e7
commit 2eef3e8ad2
1 changed files with 3 additions and 0 deletions
--- a/cfg/1.11/master.yaml
+++ b/cfg/1.11/master.yaml
@ -220,12 +220,15 @@ groups:
    text: "Ensure that the admission control plugin NamespaceLifecycle is set (Scored)"
    audit: "ps -ef | grep $apiserverbin | grep -v grep"
    tests:
+      bin_op: or
      test_items:
      - flag: "--disable-admission-plugins"
        compare:
          op: nothave
          value: "NamespaceLifecycle"
        set: true
+      - flag: "--disable-admission-plugins"
+        set: false
    remediation: |
      Edit the API server pod specification file $apiserverconf
      on the master node and set the --disable-admission-plugins parameter to