@ -26,7 +26,7 @@
|
|
|
|
|
[FAIL] 1.1.24 Ensure that the admission control plugin PodSecurityPolicy is set (Scored)
|
|
|
|
|
[PASS] 1.1.25 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
|
|
|
|
[PASS] 1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
|
|
|
|
[FAIL] 1.1.27 Ensure that the admission control plugin ServiceAccount is set(Scored)
|
|
|
|
|
[PASS] 1.1.27 Ensure that the admission control plugin ServiceAccount is set(Scored)
|
|
|
|
|
[PASS] 1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Scored)
|
|
|
|
|
[PASS] 1.1.29 Ensure that the --client-ca-file argument is set as appropriate (Scored)
|
|
|
|
|
[PASS] 1.1.30 Ensure that the --etcd-cafile argument is set as appropriate (Scored)
|
|
|
|
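Review bot: the two 1.1.27 result lines (the [FAIL] one and the [PASS] one that replaces it) both carry the title "ServiceAccount is set(Scored)" with no space before "(Scored)", while every other check in this hunk has one. Since the line is being touched anyway, fix the spacing in the check title where it is defined so the output reads "is set (Scored)" like 1.1.24 through 1.1.30. Note also that 1.1.24 (PodSecurityPolicy) is still reported as FAIL in the surrounding context, so only the ServiceAccount result moves here.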
@ -154,12 +154,6 @@ value that includes PodSecurityPolicy :
|
|
|
|
|
--enable-admission-plugins=...,PodSecurityPolicy,...
|
|
|
|
|
Then restart the API Server.
|
|
|
|
|
|
|
|
|
|
1.1.27 Follow the documentation and create ServiceAccount objects as per your environment.
|
|
|
|
|
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
|
|
|
|
on the master node and set the --enable-admission-plugins parameter to a
|
|
|
|
|
value that includes ServiceAccount.
|
|
|
|
|
--enable-admission-plugins=...,ServiceAccount,...
|
|
|
|
|
|
|
|
|
|
1.1.31 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
|
|
|
|
on the master node and set the below parameter.
|
|
|
|
|
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
|
|
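Review bot: nothing in the visible lines says why the 1.1.27 remediation block (from "1.1.27 Follow the documentation and create ServiceAccount objects" through "--enable-admission-plugins=...,ServiceAccount,...") no longer appears. The removal is consistent with 1.1.27 moving to PASS in the first hunk, but a reader cannot tell whether the check definition changed or the configuration under test did. State which in the commit message, and if it was the check logic, keep that change in the same commit as this output so the result can be reproduced. Separately, and outside what this patch changes, the unchanged 1.1.31 context line recommends a --tls-cipher-suites list that ends with TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256, which use RSA key exchange and so give no forward secrecy; worth a follow-up against the benchmark text.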
@ -327,8 +321,8 @@ Create a PSP as described in the Kubernetes documentation, ensuring that the .sp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
== Summary ==
|
|
|
|
|
48 checks PASS
|
|
|
|
|
18 checks FAIL
|
|
|
|
|
49 checks PASS
|
|
|
|
|
17 checks FAIL
|
|
|
|
|
25 checks WARN
|
|
|
|
|
1 checks INFO
|
|
|
|
|
[INFO] 2 Worker Node Security Configuration
|
|
|
|
|
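Review bot: the summary counts in this hunk move from 48 PASS / 18 FAIL to 49 PASS / 17 FAIL with 25 WARN and 1 INFO unchanged, so the total stays at 92 and agrees with the single 1.1.27 flip, but the counts are stored as literal text beside the per-check lines. If this file serves as expected output for a test, consider having the test derive the PASS/FAIL totals from the individual [PASS]/[FAIL] lines so a later edit to one check cannot leave the summary out of step. Minor style point on the unchanged context: "1 checks INFO" would read better with the singular when the count is 1.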