k8s: Validate API server Certificate Authorities

This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.21, 1.1.29 and 1.1.31). Issue-ID: SECCOM-235 Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
author: Pawel Wieczorek <p.wieczorek2@samsung.com> 2019-09-19 15:27:14 +0200
committer: Pawel Wieczorek <p.wieczorek2@samsung.com> 2019-09-19 18:24:48 +0200
commit: 3e602597b036d29f77485f35c1f81a8cdb6f350b (patch)
tree: a64fd7633cf540a6c85d38727a24e391a22e538d /test/security/k8s/src/check/cmd
parent: 2055f0878a7841f7d07eda60eac10034c4b22215 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index 7468bc443..d124b8708 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -70,4 +70,8 @@ func main() {
 	log.Printf("IsAuditLogMaxAgeValid: %t\n", master.IsAuditLogPathSet(k8sParams))
 	log.Printf("IsAuditLogMaxBackupValid: %t\n", master.IsAuditLogPathSet(k8sParams))
 	log.Printf("IsAuditLogMaxSizeValid: %t\n", master.IsAuditLogPathSet(k8sParams))
+
+	log.Printf("IsKubeletCertificateAuthoritySet: %t\n", master.IsKubeletCertificateAuthoritySet(k8sParams))
+	log.Printf("IsClientCertificateAuthoritySet: %t\n", master.IsClientCertificateAuthoritySet(k8sParams))
+	log.Printf("IsEtcdCertificateAuthoritySet: %t\n", master.IsEtcdCertificateAuthoritySet(k8sParams))
 }
author	Pawel Wieczorek <p.wieczorek2@samsung.com>	2019-09-19 15:27:14 +0200
committer	Pawel Wieczorek <p.wieczorek2@samsung.com>	2019-09-19 18:24:48 +0200
commit	3e602597b036d29f77485f35c1f81a8cdb6f350b (patch)
tree	a64fd7633cf540a6c85d38727a24e391a22e538d /test/security/k8s/src/check/cmd
parent	2055f0878a7841f7d07eda60eac10034c4b22215 (diff)