Guide to the Secure Configuration of Amazon Elastic Kubernetes Service
Rules, Groups, and Values defined within the XCCDF Benchmark
-
OpenShift Kube API Server config data name
OpenShift Kube API Server config data nameValue -
OpenShift Kube APIServer namespace
OpenShift Kube APIServer namespaceValue -
OpenShift Controller Settings
This section contains recommendations for the kube-controller-manager configurationGroup -
Kube controller manager config data name
Kube controller manager config data nameValue -
Kube controller manager config filepath
Kube controller manager config filepathValue -
Kube controller manager config check - port should not be zero
Kube controller manager config check - port should not be zeroValue -
Kube controller manager config check - rotate kubelet server certs
Kube controller manager config check - rotate kubelet server certsValue -
Kube controller manager config check - secure port
Kube controller manager config check - secure portValue -
Kube controller manager config check - service account CA
Kube controller manager config check - service account CAValue -
Kube controller manager config check - service account private key
Kube controller manager config check - service account private keyValue -
Kube controller manager config check - use service account
Kube controller manager config check - use service accountValue -
OpenShift etcd Settings
Contains rules that check correct OpenShift etcd settings.Group -
Etcd config filter
Etcd config filterValue -
Etcd config file path
Etcd config file pathValue -
kubelet - Allow Automatic Firewall Configuration
The kubelet has the ability to automatically configure the firewall to allow the containers required ports and connections to networking resources ...Rule Medium Severity -
kubelet - Enable Server Certificate Rotation
To enable the kubelet to rotate server certificates, edit the kubelet configuration file <code>/etc/kubernetes/kubelet/kubelet-config.json</code> o...Rule Medium Severity -
OpenShift - Master Node Settings
Contains evaluations for the master node configuration settings.Group -
OpenShift API Server
This section contains recommendations for openshift-apiserver configuration.Group -
Role-based Access Control
Role-based access control (RBAC) objects determine whether a user is allowed to perform a given action within a project. Cluster administrators ca...Group -
OpenShift - Risk Assessment Settings
Contains evaluations for the cluster's risk assessment configuration settings.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.