Skip to content

Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure that the bind-address parameter is not used

    The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such it should only be bound t...
    Rule Medium Severity
  • Ensure that the port parameter is zero

    The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such it should only be bound t...
    Rule Medium Severity
  • Kubernetes Secrets Management

    Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Such information might otherwise be put in a Pod specification or in an image.
    Group
  • Consider external secret storage

    Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secret management needs. Ensure the solution requires a...
    Rule Medium Severity
  • Do Not Use Environment Variables with Secrets

    Secrets should be mounted as data volumes instead of environment variables.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules