aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go')
-rw-r--r--test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
index 85ab28564..f1dd0fe49 100644
--- a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
+++ b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
@@ -5,6 +5,21 @@ import (
"check/validators/master/boolean"
)
+// IsProfilingDisabled validates there is single "--profiling" flag and it is set to "false".
+func IsProfilingDisabled(params []string) bool {
+ return args.HasSingleFlagArgument("--profiling=", "false", params)
+}
+
+// IsUseServiceAccountCredentialsEnabled validates there is single "--use-service-account-credentials" flag and it is set to "true".
+func IsUseServiceAccountCredentialsEnabled(params []string) bool {
+ return args.HasSingleFlagArgument("--use-service-account-credentials=", "true", params)
+}
+
+// IsRotateKubeletServerCertificateIncluded validates RotateKubeletServerCertificate=true is included.
+func IsRotateKubeletServerCertificateIncluded(params []string) bool {
+ return args.HasFlagArgumentIncluded("--feature-gates=", "RotateKubeletServerCertificate=true", params)
+}
+
// IsInsecureBindAddressAbsentOrLoopback validates there is no insecure bind address or it is loopback address.
func IsInsecureBindAddressAbsentOrLoopback(params []string) bool {
return boolean.IsFlagAbsent("--address=", params) ||