aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master/master.go
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-09-27 19:00:46 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-09-27 19:51:05 +0200
commitbd12bfbc6fbe4ecfc2152467ea6785c9e5163763 (patch)
treeb109d44444a139cd49a57c41416e445fe24079cd /test/security/k8s/src/check/validators/master/master.go
parent5a61d615fe1c05487c26c32b2e8e4416f6cbb421 (diff)
k8s: Validate controller manager address flag
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.3.7). Issue-ID: SECCOM-235 Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/validators/master/master.go')
-rw-r--r--test/security/k8s/src/check/validators/master/master.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/master.go b/test/security/k8s/src/check/validators/master/master.go
index bc019a67a..79d6612a6 100644
--- a/test/security/k8s/src/check/validators/master/master.go
+++ b/test/security/k8s/src/check/validators/master/master.go
@@ -4,6 +4,7 @@ import (
"log"
"check/validators/master/api"
+ "check/validators/master/controllermanager"
"check/validators/master/scheduler"
)
@@ -64,3 +65,9 @@ func CheckScheduler(params []string) {
log.Printf("IsProfilingDisabled: %t\n", scheduler.IsProfilingDisabled(params))
log.Printf("IsInsecureBindAddressAbsentOrLoopback: %t\n", scheduler.IsInsecureBindAddressAbsentOrLoopback(params))
}
+
+// CheckControllerManager validates controller manager complies with CIS guideliness.
+func CheckControllerManager(params []string) {
+ log.Println("==> Controller Manager:")
+ log.Printf("IsInsecureBindAddressAbsentOrLoopback: %t\n", controllermanager.IsInsecureBindAddressAbsentOrLoopback(params))
+}