--- ## Controls Files. # These are YAML files that hold all the details for running checks. # ## Uncomment to use different control file paths. # masterControls: ./cfg/master.yaml # nodeControls: ./cfg/node.yaml master: components: - apiserver - scheduler - controllermanager - etcd - flanneld # kubernetes is a component to cover the config file /etc/kubernetes/config that is referred to in the benchmark - kubernetes kubernetes: defaultconf: /etc/kubernetes/config apiserver: bins: - "kube-apiserver" - "hyperkube apiserver" - "hyperkube kube-apiserver" - "apiserver" confs: - /etc/kubernetes/manifests/kube-apiserver.yaml - /etc/kubernetes/manifests/kube-apiserver.manifest - /var/snap/kube-apiserver/current/args defaultconf: /etc/kubernetes/manifests/kube-apiserver.yaml scheduler: bins: - "kube-scheduler" - "hyperkube scheduler" - "hyperkube kube-scheduler" - "scheduler" confs: - /etc/kubernetes/manifests/kube-scheduler.yaml - /etc/kubernetes/manifests/kube-scheduler.manifest - /var/snap/kube-scheduler/current/args defaultconf: /etc/kubernetes/manifests/kube-scheduler.yaml controllermanager: bins: - "kube-controller-manager" - "kube-controller" - "hyperkube controller-manager" - "hyperkube kube-controller-manager" - "controller-manager" confs: - /etc/kubernetes/manifests/kube-controller-manager.yaml - /etc/kubernetes/manifests/kube-controller-manager.manifest - /var/snap/kube-controller-manager/current/args defaultconf: /etc/kubernetes/manifests/kube-controller-manager.yaml etcd: optional: true bins: - "etcd" confs: - /etc/kubernetes/manifests/etcd.yaml - /etc/kubernetes/manifests/etcd.manifest - /etc/etcd/etcd.conf - /var/snap/etcd/common/etcd.conf.yml defaultconf: /etc/kubernetes/manifests/etcd.yaml flanneld: optional: true bins: - flanneld defaultconf: /etc/sysconfig/flanneld node: components: - kubelet - proxy # kubernetes is a component to cover the config file /etc/kubernetes/config that is referred to in the benchmark - kubernetes kubernetes: defaultconf: "/etc/kubernetes/config" kubelet: cafile: - "/etc/kubernetes/pki/ca.crt" - "/etc/kubernetes/certs/ca.crt" - "/etc/kubernetes/cert/ca.pem" svc: # These paths must also be included # in the 'confs' property below - "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf" - "/etc/systemd/system/kubelet.service" - "/lib/systemd/system/kubelet.service" - "/etc/systemd/system/snap.kubelet.daemon.service" bins: - "hyperkube kubelet" - "kubelet" kubeconfig: - "/etc/kubernetes/kubelet.conf" - "/var/lib/kubelet/kubeconfig" - "/etc/kubernetes/kubelet-kubeconfig" confs: - "/var/lib/kubelet/config.yaml" - "/etc/kubernetes/kubelet/kubelet-config.json" - "/home/kubernetes/kubelet-config.yaml" - "/etc/default/kubelet" - "/var/lib/kubelet/kubeconfig" - "/var/snap/kubelet/current/args" ## Due to the fact that the kubelet might be configured ## without a kubelet-config file, we use a work-around ## of pointing to the systemd service file (which can also ## hold kubelet configuration). ## Note: The following paths must match the one under 'svc' - "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf" - "/etc/systemd/system/kubelet.service" - "/lib/systemd/system/kubelet.service" - "/etc/systemd/system/snap.kubelet.daemon.service" defaultconf: "/var/lib/kubelet/config.yaml" defaultsvc: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf" defaultkubeconfig: "/etc/kubernetes/kubelet.conf" defaultcafile: "/etc/kubernetes/pki/ca.crt" proxy: optional: true bins: - "kube-proxy" - "hyperkube proxy" - "hyperkube kube-proxy" - "proxy" confs: - /etc/kubernetes/proxy - /etc/kubernetes/addons/kube-proxy-daemonset.yaml - /var/snap/kube-proxy/current/args kubeconfig: - "/etc/kubernetes/kubelet-kubeconfig" - "/var/lib/kubelet/kubeconfig" svc: - "/lib/systemd/system/kube-proxy.service" defaultconf: /etc/kubernetes/addons/kube-proxy-daemonset.yaml defaultkubeconfig: "/etc/kubernetes/proxy.conf" version_mapping: "1.11": "cis-1.3" "1.12": "cis-1.3" "1.13": "cis-1.4" "1.14": "cis-1.4" "1.15": "cis-1.4" "ocp-3.10": "rh-0.7" "ocp-3.11": "rh-0.7"