aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s/src/check/validators/master')
-rw-r--r--test/security/k8s/src/check/validators/master/api/api_test.go69
-rw-r--r--test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go21
-rw-r--r--test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go11
3 files changed, 3 insertions, 98 deletions
diff --git a/test/security/k8s/src/check/validators/master/api/api_test.go b/test/security/k8s/src/check/validators/master/api/api_test.go
index 4ba5070a8..01fe9b1c6 100644
--- a/test/security/k8s/src/check/validators/master/api/api_test.go
+++ b/test/security/k8s/src/check/validators/master/api/api_test.go
@@ -45,39 +45,7 @@ var _ = Describe("Api", func() {
"TLS_RSA_WITH_AES_128_GCM_SHA256",
}
- // kubeApiServerCasablanca was obtained from virtual environment for testing
- // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
- kubeApiServerCasablanca = []string{
- "--storage-backend=etcd2",
- "--storage-media-type=application/json",
- "--service-cluster-ip-range=10.43.0.0/16",
- "--etcd-servers=https://etcd.kubernetes.rancher.internal:2379",
- "--insecure-bind-address=0.0.0.0",
- "--insecure-port=0",
- "--cloud-provider=rancher",
- "--allow-privileged=true",
- "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount," +
- "PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota",
- "--client-ca-file=/etc/kubernetes/ssl/ca.pem",
- "--tls-cert-file=/etc/kubernetes/ssl/cert.pem",
- "--tls-private-key-file=/etc/kubernetes/ssl/key.pem",
- "--kubelet-client-certificate=/etc/kubernetes/ssl/cert.pem",
- "--kubelet-client-key=/etc/kubernetes/ssl/key.pem",
- "--runtime-config=batch/v2alpha1",
- "--anonymous-auth=false",
- "--authentication-token-webhook-config-file=/etc/kubernetes/authconfig",
- "--runtime-config=authentication.k8s.io/v1beta1=true",
- "--external-hostname=kubernetes.kubernetes.rancher.internal",
- "--etcd-cafile=/etc/kubernetes/etcd/ca.pem",
- "--etcd-certfile=/etc/kubernetes/etcd/cert.pem",
- "--etcd-keyfile=/etc/kubernetes/etcd/key.pem",
- "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305," +
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
- }
-
- // kubeApiServerCasablanca was obtained from virtual environment for testing
+ // kubeApiServerDublin was obtained from virtual environment for testing
// (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
kubeApiServerDublin = []string{
"--requestheader-group-headers=X-Remote-Group",
@@ -130,7 +98,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not absent on insecure cluster", []string{"--insecure-allow-any-token"}, false),
Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
)
@@ -140,7 +107,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be set to false on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
)
@@ -150,7 +116,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
- Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
)
@@ -161,7 +126,6 @@ var _ = Describe("Api", func() {
},
Entry("Is explicitly disabled on insecure cluster", []string{"--kubelet-https=false"}, false),
Entry("Should be absent or set to true on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent or set to true on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent or set to true on Dublin cluster", kubeApiServerDublin, true),
)
@@ -171,7 +135,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly enabled on insecure cluster", []string{"--repair-malformed-updates=true"}, false),
- Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
)
@@ -182,7 +145,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly disabled on insecure cluster", []string{"--service-account-lookup=false"}, false),
- Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be set to true on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be set to true on Dublin cluster", kubeApiServerDublin, true),
)
@@ -195,7 +157,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not absent on insecure cluster", []string{"--basic-auth-file=/path/to/file"}, false),
Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
)
@@ -205,7 +166,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not absent on insecure cluster", []string{"--token-auth-file=/path/to/file"}, false),
Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
)
@@ -215,7 +175,6 @@ var _ = Describe("Api", func() {
},
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--audit-log-path="}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -226,7 +185,6 @@ var _ = Describe("Api", func() {
},
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--kubelet-certificate-authority="}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -238,7 +196,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--client-ca-file="}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -249,7 +206,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"-etcd-cafile="}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -259,7 +215,6 @@ var _ = Describe("Api", func() {
},
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--service-account-key-file="}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -271,7 +226,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--kubelet-client-certificate= --kubelet-client-key="}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -282,7 +236,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--etcd-certfile= --etcd-keyfile="}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -293,7 +246,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--tls-cert-file= --tls-private-key-file="}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
})
@@ -304,7 +256,6 @@ var _ = Describe("Api", func() {
Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
},
Entry("Is not absent on insecure cluster", []string{"--insecure-bind-address=1.2.3.4"}, false),
- Entry("Is not absent nor set to loopback on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be absent or set to loopback on Dublin cluster", kubeApiServerDublin, true),
)
@@ -316,7 +267,6 @@ var _ = Describe("Api", func() {
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly enabled on insecure cluster", []string{"--insecure-port=1234"}, false),
Entry("Should be set to 0 on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be set to 0 on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be set to 0 on Dublin cluster", kubeApiServerDublin, true),
)
@@ -326,7 +276,6 @@ var _ = Describe("Api", func() {
},
Entry("Is explicitly disabled on insecure cluster", []string{"--secure-port=0"}, false),
Entry("Should be absent or set to valid port on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent or set to valid port on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent or set to valid port on Dublin cluster", kubeApiServerDublin, true),
)
})
@@ -339,7 +288,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--audit-log-maxage="}, false),
Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxage=5"}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -351,7 +299,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--audit-log-maxbackup="}, false),
Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxbackup=2"}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -363,7 +310,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--audit-log-maxsize="}, false),
Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxsize=5"}, false),
- Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -375,7 +321,6 @@ var _ = Describe("Api", func() {
Entry("Is empty on insecure cluster", []string{"--request-timeout="}, false),
Entry("Is too high on insecure cluster", []string{"--request-timeout=600"}, false),
Entry("Should be set only if needed on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be set only if needed on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be set only if needed on Dublin cluster", kubeApiServerDublin, true),
)
})
@@ -388,7 +333,6 @@ var _ = Describe("Api", func() {
Entry("Is not absent on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar,AlwaysAdmit,Baz,Quuz"}, false),
Entry("Is not absent on insecure deprecated cluster", []string{"--admission-control=Foo,Bar,AlwaysAdmit,Baz,Quuz"}, false),
Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
)
@@ -398,7 +342,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -409,7 +352,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -420,7 +362,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -431,7 +372,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -443,7 +383,6 @@ var _ = Describe("Api", func() {
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -453,7 +392,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -464,7 +402,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
- Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
@@ -475,7 +412,6 @@ var _ = Describe("Api", func() {
},
Entry("Is explicitly disabled on insecure cluster", []string{"--disable-admission-plugins=Foo,Bar,NamespaceLifecycle,Baz,Quuz"}, false),
Entry("Should not be disabled on CIS-compliant cluster", kubeApiServerCISCompliant, true),
- Entry("Should not be disabled on Casablanca cluster", kubeApiServerCasablanca, true),
Entry("Should not be disabled on Dublin cluster", kubeApiServerDublin, true),
)
@@ -485,7 +421,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not explicitly disabled on insecure cluster", []string{}, false),
Entry("Is not absent on insecure cluster", []string{"--authorization-mode=Foo,Bar,AlwaysAllow,Baz,Quuz"}, false),
- Entry("Is not explicitly disabled on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
)
@@ -496,7 +431,6 @@ var _ = Describe("Api", func() {
},
Entry("Is not explicitly enabled on insecure cluster", []string{}, false),
Entry("Is not present on insecure cluster", []string{"--authorization-mode=Foo,Bar"}, false),
- Entry("Is not explicitly enabled on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Should present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
Entry("Should present on Dublin cluster", kubeApiServerDublin, true),
)
@@ -510,7 +444,6 @@ var _ = Describe("Api", func() {
Entry("Is absent on insecure cluster", []string{}, false),
Entry("Is empty on insecure cluster", []string{"--tls-cipher-suites="}, false),
Entry("Is incomplete on insecure cluster", []string{"--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, false),
- Entry("Is incomplete on Casablanca cluster", kubeApiServerCasablanca, false),
Entry("Is incomplete on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be complete on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
diff --git a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
index fcd337ac2..05e3cae7e 100644
--- a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
+++ b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
@@ -21,19 +21,7 @@ var _ = Describe("Controllermanager", func() {
"--root-ca-file=/etc/kubernetes/ssl/kube-ca.pem",
}
- // kubeControllerManagerCasablanca was obtained from virtual environment for testing
- // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
- kubeControllerManagerCasablanca = []string{
- "--kubeconfig=/etc/kubernetes/ssl/kubeconfig",
- "--address=0.0.0.0",
- "--root-ca-file=/etc/kubernetes/ssl/ca.pem",
- "--service-account-private-key-file=/etc/kubernetes/ssl/key.pem",
- "--allow-untagged-cloud",
- "--cloud-provider=rancher",
- "--horizontal-pod-autoscaler-use-rest-clients=false",
- }
-
- // kubeControllerManagerCasablanca was obtained from virtual environment for testing
+ // kubeControllerManagerDublin was obtained from virtual environment for testing
// (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
kubeControllerManagerDublin = []string{
"--kubeconfig=/etc/kubernetes/ssl/kubecfg-kube-controller-manager.yaml",
@@ -64,7 +52,6 @@ var _ = Describe("Controllermanager", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
- Entry("Is not set on Casablanca cluster", kubeControllerManagerCasablanca, false),
Entry("Should be set to false on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
Entry("Should be set to false on Dublin cluster", kubeControllerManagerDublin, true),
)
@@ -75,7 +62,6 @@ var _ = Describe("Controllermanager", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly disabled on insecure cluster", []string{"--use-service-account-credentials=false"}, false),
- Entry("Is not set on Casablanca cluster", kubeControllerManagerCasablanca, false),
Entry("Should be set to true on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
Entry("Should be set to true on Dublin cluster", kubeControllerManagerDublin, true),
)
@@ -89,7 +75,6 @@ var _ = Describe("Controllermanager", func() {
Entry("Is absent on insecure cluster", []string{""}, false),
Entry("Is empty on insecure cluster", []string{"--service-account-private-key-file="}, false),
Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
- Entry("Should be explicitly set on Casablanca cluster", kubeControllerManagerCasablanca, true),
Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
)
@@ -100,7 +85,6 @@ var _ = Describe("Controllermanager", func() {
Entry("Is absent on insecure cluster", []string{""}, false),
Entry("Is empty on insecure cluster", []string{"--root-ca-file="}, false),
Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
- Entry("Should be explicitly set on Casablanca cluster", kubeControllerManagerCasablanca, true),
Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
)
})
@@ -111,7 +95,6 @@ var _ = Describe("Controllermanager", func() {
Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
},
Entry("Is not absent on insecure cluster", []string{"--address=1.2.3.4"}, false),
- Entry("Is not absent nor set to loopback on Casablanca cluster", kubeControllerManagerCasablanca, false),
Entry("Is not absent nor set to loopback on Dublin cluster", kubeControllerManagerDublin, false),
Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
)
@@ -124,7 +107,6 @@ var _ = Describe("Controllermanager", func() {
},
Entry("Is absent on insecure cluster", []string{""}, false),
Entry("Is empty on insecure cluster", []string{"--terminated-pod-gc-threshold="}, false),
- Entry("Is absent on Casablanca cluster", kubeControllerManagerCasablanca, false),
Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
)
@@ -137,7 +119,6 @@ var _ = Describe("Controllermanager", func() {
},
Entry("Is not enabled on insecure cluster", []string{"--feature-gates=Foo=Bar,Baz=Quuz"}, false),
Entry("Is explicitly disabled on insecure cluster", []string{"--feature-gates=Foo=Bar,RotateKubeletServerCertificate=false,Baz=Quuz"}, false),
- Entry("Is not enabled on Casablanca cluster", kubeControllerManagerCasablanca, false),
Entry("Is not enabled on Dublin cluster", kubeControllerManagerDublin, false),
Entry("Should be enabled on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
)
diff --git a/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go b/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
index 4166a58d7..7fb13b820 100644
--- a/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
+++ b/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
@@ -16,14 +16,7 @@ var _ = Describe("Scheduler", func() {
"--profiling=false",
}
- // kubeSchedulerCasablanca was obtained from virtual environment for testing
- // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
- kubeSchedulerCasablanca = []string{
- "--kubeconfig=/etc/kubernetes/ssl/kubeconfig",
- "--address=0.0.0.0",
- }
-
- // kubeSchedulerCasablanca was obtained from virtual environment for testing
+ // kubeSchedulerDublin was obtained from virtual environment for testing
// (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
kubeSchedulerDublin = []string{
"--kubeconfig=/etc/kubernetes/ssl/kubecfg-kube-scheduler.yaml",
@@ -41,7 +34,6 @@ var _ = Describe("Scheduler", func() {
},
Entry("Is not set on insecure cluster", []string{}, false),
Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
- Entry("Is not set on Casablanca cluster", kubeSchedulerCasablanca, false),
Entry("Should be set to false on CIS-compliant cluster", kubeSchedulerCISCompliant, true),
Entry("Should be set to false on Dublin cluster", kubeSchedulerDublin, true),
)
@@ -53,7 +45,6 @@ var _ = Describe("Scheduler", func() {
Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
},
Entry("Is not absent on insecure cluster", []string{"--address=1.2.3.4"}, false),
- Entry("Is not absent nor set to loopback on Casablanca cluster", kubeSchedulerCasablanca, false),
Entry("Is not absent nor set to loopback on Dublin cluster", kubeSchedulerDublin, false),
Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeSchedulerCISCompliant, true),
)