aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/config/config.go
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-09-16 17:51:39 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-09-17 15:51:37 +0200
commitaeaa5a1f5e57f63dd203db43fb6992ab1728c504 (patch)
tree99eff91cebb8792defa77cee62d5e562b67c2018 /test/security/k8s/src/check/config/config.go
parent0dc16f1f0c60625a1637ee1ec106a4df543dab92 (diff)
k8s: Validate API server excluded admission plugins
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.10). However, CIS Kubernetes Benchmark v1.3.0 mismatches official documentation: Kubernetes 1.10+ already provides safe defaults from security standpoint [1] (ONAP Casablanca uses 1.11). Deprecated admission control plugin flag has also been validated since it was still available in Kubernetes provided by Rancher [2]. [1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use [2] https://github.com/rancher/rancher/issues/15064 Issue-ID: SECCOM-235 Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/config/config.go')
0 files changed, 0 insertions, 0 deletions