|
|
@ -18,7 +18,7 @@
|
|
|
|
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
|
|
|
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
|
|
|
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
|
|
|
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
|
|
|
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
|
|
|
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
|
|
|
[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
|
|
|
[PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
|
|
|
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
|
|
|
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
|
|
|
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
|
|
|
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
|
|
|
[INFO] 1.2 API Server
|
|
|
|
[INFO] 1.2 API Server
|
|
|
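Review bot: the 1.1.19 line flips from [FAIL] to [PASS] with no reason visible in this hunk. The commit should say whether the audit for PKI directory and file ownership changed, or whether the environment the output was captured from was corrected (for example by the chown -R root:root /etc/kubernetes/pki/ remediation that the next hunk removes). If this file serves as expected output for a test, regenerate it from an actual run rather than editing the status by hand, so it cannot drift from what the check reports.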
@ -84,10 +84,6 @@ ps -ef | grep etcd
|
|
|
|
Run the below command (based on the etcd data directory found above).
|
|
|
|
Run the below command (based on the etcd data directory found above).
|
|
|
|
For example, chown etcd:etcd /var/lib/etcd
|
|
|
|
For example, chown etcd:etcd /var/lib/etcd
|
|
|
|
|
|
|
|
|
|
|
|
1.1.19 Run the below command (based on the file location on your system) on the master node.
|
|
|
|
|
|
|
|
For example,
|
|
|
|
|
|
|
|
chown -R root:root /etc/kubernetes/pki/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
|
|
|
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
|
|
|
on the master node and set the below parameter.
|
|
|
|
on the master node and set the below parameter.
|
|
|
|
--anonymous-auth=false
|
|
|
|
--anonymous-auth=false
|
|
|
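Review bot: the removal of the 1.1.19 remediation block is only correct while 1.1.19 passes, so it has to stay in lockstep with the [FAIL] to [PASS] change in the first hunk. Check that the lines around the removal still form complete entries: the etcd data directory entry ending in "For example, chown etcd:etcd /var/lib/etcd" should be followed directly by the separator and the 1.2.1 entry, with no orphaned "For example," or extra blank lines left behind.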
@ -177,8 +173,8 @@ on the master node and set the below parameter.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
== Summary ==
|
|
|
|
== Summary ==
|
|
|
|
43 checks PASS
|
|
|
|
44 checks PASS
|
|
|
|
12 checks FAIL
|
|
|
|
11 checks FAIL
|
|
|
|
10 checks WARN
|
|
|
|
10 checks WARN
|
|
|
|
0 checks INFO
|
|
|
|
0 checks INFO
|
|
|
|
[INFO] 2 Etcd Node Configuration
|
|
|
|
[INFO] 2 Etcd Node Configuration
|
|
|
|
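Review bot: the summary counts are consistent with a single check changing status: PASS goes from 43 to 44, FAIL from 12 to 11, and WARN (10) and INFO (0) are unchanged, so the total stays at 65. The summary alone does not identify which check moved, so the commit message should state that 1.1.19 is the only one affected.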