diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-17 15:59:30 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-09-17 13:59:30 +0000 |
commit | 951eadff1d46c1d04e05cf4731e4cabd21557be9 (patch) | |
tree | 6a59d1fc0431f520dc91b542da11da23ca5c9aec /INFO.yaml | |
parent | 32335dc98a39c70b460528cc7ebbc1617942ed84 (diff) |
Update git submodules
* Update docs/submodules/integration.git from branch 'master'
to aeaa5a1f5e57f63dd203db43fb6992ab1728c504
- k8s: Validate API server excluded admission plugins
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.10).
However, CIS Kubernetes Benchmark v1.3.0 mismatches official
documentation: Kubernetes 1.10+ already provides safe defaults from
security standpoint [1] (ONAP Casablanca uses 1.11).
Deprecated admission control plugin flag has also been validated since
it was still available in Kubernetes provided by Rancher [2].
[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
[2] https://github.com/rancher/rancher/issues/15064
Issue-ID: SECCOM-235
Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'INFO.yaml')
0 files changed, 0 insertions, 0 deletions