diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-16 17:51:39 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-17 15:51:37 +0200 |
commit | aeaa5a1f5e57f63dd203db43fb6992ab1728c504 (patch) | |
tree | 99eff91cebb8792defa77cee62d5e562b67c2018 /test/security/k8s/src/check/config/config.go | |
parent | 0dc16f1f0c60625a1637ee1ec106a4df543dab92 (diff) |
k8s: Validate API server excluded admission plugins
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.10).
However, CIS Kubernetes Benchmark v1.3.0 mismatches official
documentation: Kubernetes 1.10+ already provides safe defaults from
security standpoint [1] (ONAP Casablanca uses 1.11).
Deprecated admission control plugin flag has also been validated since
it was still available in Kubernetes provided by Rancher [2].
[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
[2] https://github.com/rancher/rancher/issues/15064
Issue-ID: SECCOM-235
Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/config/config.go')
0 files changed, 0 insertions, 0 deletions