mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-15 20:39:08 +00:00
3f98c1def2
This fix applies to only checks for kubernetes versions 1.8 and 1.11. See https://github.com/aquasecurity/kube-bench/pull/208.
113 lines
2.6 KiB
YAML
113 lines
2.6 KiB
YAML
---
|
|
## Controls Files.
|
|
# These are YAML files that hold all the details for running checks.
|
|
#
|
|
## Uncomment to use different control file paths.
|
|
# masterControls: ./cfg/master.yaml
|
|
# nodeControls: ./cfg/node.yaml
|
|
# federatedControls: ./cfg/federated.yaml
|
|
|
|
master:
|
|
components:
|
|
- apiserver
|
|
- scheduler
|
|
- controllermanager
|
|
- etcd
|
|
- flanneld
|
|
# kubernetes is a component to cover the config file /etc/kubernetes/config that is referred to in the benchmark
|
|
- kubernetes
|
|
|
|
kubernetes:
|
|
defaultconf: /etc/kubernetes/config
|
|
|
|
apiserver:
|
|
bins:
|
|
- "kube-apiserver"
|
|
- "hyperkube apiserver"
|
|
- "apiserver"
|
|
confs:
|
|
- /etc/kubernetes/apiserver.conf
|
|
- /etc/kubernetes/apiserver
|
|
defaultconf: /etc/kubernetes/apiserver
|
|
|
|
scheduler:
|
|
bins:
|
|
- "kube-scheduler"
|
|
- "hyperkube scheduler"
|
|
- "scheduler"
|
|
confs:
|
|
- /etc/kubernetes/scheduler.conf
|
|
- /etc/kubernetes/scheduler
|
|
defaultconf: /etc/kubernetes/scheduler
|
|
|
|
controllermanager:
|
|
bins:
|
|
- "kube-controller-manager"
|
|
- "hyperkube controller-manager"
|
|
- "controller-manager"
|
|
confs:
|
|
- /etc/kubernetes/controller-manager.conf
|
|
- /etc/kubernetes/controller-manager
|
|
defaultconf: /etc/kubernetes/controller-manager
|
|
|
|
etcd:
|
|
optional: true
|
|
bins:
|
|
- "etcd"
|
|
confs:
|
|
- /etc/etcd/etcd.conf
|
|
defaultconf: /etc/etcd/etcd.conf
|
|
|
|
flanneld:
|
|
optional: true
|
|
bins:
|
|
- flanneld
|
|
defaultconf: /etc/sysconfig/flanneld
|
|
|
|
node:
|
|
components:
|
|
- kubelet
|
|
- proxy
|
|
# kubernetes is a component to cover the config file /etc/kubernetes/config that is referred to in the benchmark
|
|
- kubernetes
|
|
|
|
kubernetes:
|
|
defaultconf: /etc/kubernetes/config
|
|
|
|
kubelet:
|
|
bins:
|
|
- "hyperkube kubelet"
|
|
- "kubelet"
|
|
confs:
|
|
- /etc/kubernetes/kubelet.conf
|
|
- /etc/kubernetes/kubelet
|
|
defaultconf: "/etc/kubernetes/kubelet.conf"
|
|
defaultsvc: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
|
|
|
|
proxy:
|
|
bins:
|
|
- "kube-proxy"
|
|
- "hyperkube proxy"
|
|
- "proxy"
|
|
confs:
|
|
- /etc/kubernetes/proxy.conf
|
|
- /etc/kubernetes/proxy
|
|
- /etc/kubernetes/addons/kube-proxy-daemonset.yaml
|
|
|
|
federated:
|
|
components:
|
|
- fedapiserver
|
|
- fedcontrollermanager
|
|
|
|
fedapiserver:
|
|
bins:
|
|
- "hyperkube federation-apiserver"
|
|
- "kube-federation-apiserver"
|
|
- "federation-apiserver"
|
|
|
|
fedcontrollermanager:
|
|
bins:
|
|
- "hyperkube federation-controller-manager"
|
|
- "kube-federation-controller-manager"
|
|
- "federation-controller-manager"
|