Abubakr-Sadik Nii Nai Davis
a88b0703d8
Add kubeconfig variable substitution for kubelet and proxy.
...
There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.
This PR adds support for variable substitution for all the config file
types are that should be checked in the CIS benchmarks.
This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
2019-02-27 22:15:14 +00:00
Abubakr-Sadik Nii Nai Davis
3f98c1def2
Fix wrong reference to kubelet.config in node checks.
...
This fix applies to only checks for kubernetes versions 1.8 and 1.11.
See https://github.com/aquasecurity/kube-bench/pull/208 .
2019-02-27 22:14:19 +00:00
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
...
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
2017-11-28 17:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
2017-10-15 13:20:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
2017-10-15 13:19:57 +00:00
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
2017-08-31 17:39:48 +01:00
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
2017-08-31 14:45:16 +01:00
Liz Rice
e4e41683c4
Update the config file
2017-08-30 18:36:00 +01:00
Liz Rice
cf62def9fd
Better config file locations
2017-08-15 20:07:27 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
2017-07-13 00:24:09 +00:00
Amir Jerbi
55fd838191
No need to run install.sh.
...
Simply clone the project, compile the go app and run ./cis_kubernetes
2017-06-20 00:03:46 +03:00
Amir Jerbi
154a140f74
Initial commit
2017-06-19 17:01:57 +03:00