From 9d577d94b4aa2b03a3246f615ade212340c8b652 Mon Sep 17 00:00:00 2001
From: Liz Rice
Date: Thu, 30 May 2019 23:04:44 +0100
Subject: [PATCH 1/3] Update openshift executables
---
 cfg/ocp-3.10/config.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/cfg/ocp-3.10/config.yaml b/cfg/ocp-3.10/config.yaml
index c63b27b..df15172 100644
--- a/cfg/ocp-3.10/config.yaml
+++ b/cfg/ocp-3.10/config.yaml
@@ -4,7 +4,18 @@
 master:
 apiserver:
 bins:
+ - openshift start master api
 - hypershift openshift-kube-apiserver
+
+ scheduler:
+ bins:
+ - "openshift start master controllers"
+ confs:
+ - /etc/origin/master/scheduler.json
+
+ controllermanager:
+ bins:
+ - "openshift start master controllers"
 etcd:
 bins:
From 9d0e3491a03e4721a47248018526bbbcb459fcc7 Mon Sep 17 00:00:00 2001
From: 030
Date: Sat, 1 Jun 2019 16:40:45 +0200
Subject: [PATCH 2/3] [GH-191] explained that master nodes cannot be inspected in managed k8s
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8eb2b98..fbd261c 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 kube-bench logo
-kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
+kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/). Note that it is impossible to inspect master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes.
 Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
From 27df1f60ed4523f2a0b254d8e5ab16323e492781 Mon Sep 17 00:00:00 2001
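Review bot: In the `cfg/ocp-3.10/config.yaml` hunk the new `apiserver` entry `- openshift start master api` is unquoted, while the `scheduler` and `controllermanager` entries added alongside it quote their multi-word command (`- "openshift start master controllers"`). Quoting all three the same way would make it clear that each list item is a whole command line, not a bare binary name. `scheduler` also gains a `confs` path but `controllermanager` does not, even though both name the same `openshift start master controllers` process. If the controller-manager checks read a config file it presumably needs its own `confs` entry; otherwise a one-line comment such as `# controllers share one process; no separate controller-manager config on 3.10` would record why it is omitted. These strings appear to be what the tool uses to locate each running component, so a mismatch would likely surface as skipped or failing checks, and each is worth confirming against a real 3.10 master.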
From: Liz Rice
Date: Sat, 1 Jun 2019 18:17:09 +0200
Subject: [PATCH 3/3] Clarification about worker nodes in managed k8s
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Because we don’t want to put people off running kube-bench altogether in these environments
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index fbd261c..c4ddf29 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,9 @@
 kube-bench logo
-kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/). Note that it is impossible to inspect master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes.
+kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
+
+Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.
 Tests are configured with YAML files, making this tool easy to update as test specifications evolve.