7280438eb5
* Add new cis version yamls Add new cis version yamls * Add new cis version yamls * Add cis-1.6 to versions table * support version mapping cis-1.6 * support version mapping cis-1.6 * Update controlplane.yaml * Update etcd.yaml * Update node.yaml * Update policies.yaml * Create job.data * Create job-node.data * Create job-master.data * Create add-tls-kind.yaml * Change node version to 1.15.0 * Add tests for cis-1.6 * Delete node_only.yaml * Change tests 1.1.19-1.1.21 Change 1.1.19-1.1.21 because failing tests * Update job.data * Update job-master.data * Update job-master.data * Update job.data * fix 1.2.35 remediation tabs instead of spaces * Update job-master.data * Remove extra space * Update job.data * Create node_only.yaml * Add tests for cis-1.6 Add tests for cis-1.6 and change some from 1,5 to 1.6 * Fix typo * Add mapping for cis-1.6 * Remove extra space in 1.2.35 remediation * Update job.data * Update job-master.data * Fix type 1.2.35 * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support
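---
# Node-only target configuration: which components are inspected on a worker
# node and, per component, the binaries and files to look for.
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation. Component sections are placed under `node` and
# `version_mapping` at top level - confirm against the upstream file.
node:
  components:
    - kubelet
    - proxy
    # kubernetes is a component to cover the config file
    # /etc/kubernetes/config that is referred to in the benchmark
    - kubernetes

  kubernetes:
    defaultconf: "/etc/kubernetes/config"

  kubelet:
    # Each list below holds candidate locations; the matching default* key
    # at the end of this section names the fallback.
    # NOTE(review): presumably the first candidate present on the node is
    # used and the default applies when none is found - confirm.
    # Permission, ownership and setting checks are only meaningful when they
    # read the file the kubelet actually loads. If a node keeps a file at a
    # path not listed here, add that path rather than relying on the default.
    cafile:
      - "/etc/kubernetes/pki/ca.crt"
      - "/etc/kubernetes/certs/ca.crt"
      - "/etc/kubernetes/cert/ca.pem"
    svc:
      # These paths must also be included
      # in the 'confs' property below
      - "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
      - "/etc/systemd/system/kubelet.service"
      - "/lib/systemd/system/kubelet.service"
    # Binary names for the kubelet, including the hyperkube form.
    bins:
      - "hyperkube kubelet"
      - "kubelet"
    kubeconfig:
      - "/etc/kubernetes/kubelet.conf"
      - "/var/lib/kubelet/kubeconfig"
      - "/etc/kubernetes/kubelet-kubeconfig"
    confs:
      - "/var/lib/kubelet/config.yaml"
      - "/var/lib/kubelet/config.yml"
      - "/etc/kubernetes/kubelet/kubelet-config.json"
      - "/home/kubernetes/kubelet-config.yaml"
      - "/home/kubernetes/kubelet-config.yml"
      - "/etc/default/kubelet"
      ## Due to the fact that the kubelet might be configured
      ## without a kubelet-config file, we use a work-around
      ## of pointing to the systemd service file (which can also
      ## hold kubelet configuration).
      ## Note: The following paths must match the one under 'svc'
      - "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
      - "/etc/systemd/system/kubelet.service"
      - "/lib/systemd/system/kubelet.service"
    defaultconf: "/var/lib/kubelet/config.yaml"
    defaultsvc: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
    defaultkubeconfig: "/etc/kubernetes/kubelet.conf"
    defaultcafile: "/etc/kubernetes/pki/ca.crt"

  proxy:
    # Binary names for kube-proxy, including the hyperkube forms.
    bins:
      - "kube-proxy"
      - "hyperkube proxy"
      - "hyperkube kube-proxy"
      - "proxy"
    # Paths are quoted here to match the rest of the file; the parsed values
    # are unchanged.
    confs:
      - "/etc/kubernetes/proxy"
      - "/etc/kubernetes/addons/kube-proxy-daemonset.yaml"
    # NOTE(review): the only candidate is the kubelet's kubeconfig, and the
    # fallback below (proxy.conf) is not in this list - confirm this is
    # intended for the clusters being audited.
    kubeconfig:
      - "/etc/kubernetes/kubelet-kubeconfig"
    svc:
      - "/lib/systemd/system/kube-proxy.service"
    defaultconf: "/etc/kubernetes/addons/kube-proxy-daemonset.yaml"
    defaultkubeconfig: "/etc/kubernetes/proxy.conf"

# Maps a platform version (Kubernetes "1.x", OpenShift "ocp-3.x") to the
# benchmark definition set to run against it.
# Keep keys and values quoted: an unquoted 1.10-style key would be read as a
# float and become indistinguishable from 1.1.
# NOTE(review): a version absent from this table has no entry here, and how
# that case is handled is not visible in this file. Confirm a mapping exists
# for the cluster version before trusting a report.
version_mapping:
  "1.11": "cis-1.3"
  "1.12": "cis-1.3"
  "1.13": "cis-1.4"
  "1.14": "cis-1.4"
  "1.15": "cis-1.5"
  "1.16": "cis-1.6"
  "1.17": "cis-1.6"
  "1.18": "cis-1.6"
  "1.19": "cis-1.6"
  "ocp-3.10": "rh-0.7"
  "ocp-3.11": "rh-0.7"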