Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment
inspect kube-apiserver | jq -e '.[0].Args[] | match("--basic-auth-file=.*").string' Returned Value: null Result: Pass 1.1.3 - Ensure that the --insecure-allow-any-token argument is not set (Scored) kube-apiserver | jq -e '.[0].Args[] | match("--insecure-allow-any-token").string' Returned Value: null Result: Pass 1.1.4 - Ensure that the --kubelet-https argument is set to true (Scored) Audit inspect kube-apiserver | jq -e '.[0].Args[] | match("--kubelet-https=false").string' Returned Value: null Result: Pass 1.1.5 - Ensure that the --insecure-bind-address argument is not set (Scored) Notes
0 credits | 47 pages | 302.56 KB | 1 year ago

CIS Benchmark Rancher Self-Assessment Guide - v2.4
5.1.5.sh #!/bin/bash export KUBECONFIG=${KUBECONFIG:-/root/.kube/config} kubectl version > /dev/null if [ $? -ne 0 ]; then echo "fail: kubectl failed" exit 1 fi accounts="$(kubectl --kubeconfig=${KUBECONFIG} jq -r '.items[] | select(.metadata.name=="default") | select((.automountServiceAccountToken == null) or (.automountServiceAccountToken == true)) | "fail \(.metadata.name) \(.metadata.namespace)"')" --kubeconfig=/root/.kube/config get psp -o json | jq .items[] | jq -r 'select((.spec.hostPID == null) or (.spec.hostPID == false))' | jq .metadata
0 credits | 54 pages | 447.77 KB | 1 year ago

CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5
5.1.5.sh #!/bin/bash export KUBECONFIG=${KUBECONFIG:-/root/.kube/config} kubectl version > /dev/null if [ $? -ne 0 ]; then echo "fail: kubectl failed" exit 1 fi accounts="$(kubectl --kubeconfig=${KUBECONFIG} jq -r '.items[] | select(.metadata.name=="default") | select((.automountServiceAccountToken == null) or (.automountServiceAccountToken == true)) | "fail \(.metadata.name) \(.metadata.namespace)"')" --kubeconfig=/root/.kube/config get psp -o json | jq .items[] | jq -r 'select((.spec.hostPID == null) or (.spec.hostPID == false))' | jq .metadata.name | wc -l | xargs -I {} echo '--count={}' Expected
0 credits | 54 pages | 447.97 KB | 1 year ago

CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4
| jq -r '.items[] | select(.metadata.name=="default") | select((.automountServiceAccountToken == null) or (.automountServiceAccountToken or set to false. Audit: kubectl get psp -o json | jq .items[] | jq -r 'select((.spec.hostPID == null) or (.spec.hostPID == false))' | jq .metadata.name | wc -l | xargs -I {} echo '--count={}' Expected or set to false. Audit: kubectl get psp -o json | jq .items[] | jq -r 'select((.spec.hostIPC == null) or (.spec.hostIPC == false))' | jq .metadata.name | wc -l | xargs -I {} echo '--count={}' Expected
0 credits | 132 pages | 1.12 MB | 1 year ago

Rancher Hardening Guide v2.3.5
options: {} mtu: 0 node_selector: {} authentication: strategy: "" sans: [] webhook: null addons: | --- apiVersion: v1 kind: Namespace metadata: name: ingress-nginx --- provider: "" options: {} node_selector: {} restore: restore: false snapshot_name: "" dns: null Reference Hardened RKE Template configuration The reference RKE Template provides the configuration
0 credits | 21 pages | 191.56 KB | 1 year ago

Rancher Hardening Guide v2.4
options: {} mtu: 0 node_selector: {} authentication: strategy: "" sans: [] webhook: null addons: | --- apiVersion: v1 kind: Namespace metadata: provider: "" options: {} node_selector: {} restore: restore: false snapshot_name: "" dns: null Reference Hardened RKE Template configuration The reference RKE Template provides the configuration
0 credits | 22 pages | 197.27 KB | 1 year ago

Deploying and Scaling Kubernetes with Rancher
certificate from the domain $ openssl s_client -showcerts -connect ${DOMAIN}:${PORT} </dev/null 2>/dev/null|openssl x509 -outform PEM >ca.crt # Copy the certificate to the appropriate directories $
0 credits | 66 pages | 6.10 MB | 1 year ago
7 results in total