Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
- Ensure no RoleBindings set for default Service Account
  Using the <code>default</code> service account prevents accurate application rights review and audit tracing. Instead of <code>default</code>, create a new and unique service account and associate ...
  Rule, Medium Severity
- Ensure Usage of Unique Service Accounts
  Using the <code>default</code> service account prevents accurate application rights review and audit tracing. Instead of <code>default</code>, create a new and unique service account with the follo...
  Rule, Medium Severity
- Enable the NodeRestriction Admission Control Plugin
  To limit the <code>Node</code> and <code>Pod</code> objects that a kubelet could modify, ensure that the <code>NodeRestriction</code> plugin on kubelets is enabled in the api-server configuration b...
  Rule, Medium Severity
- Enable the ServiceAccount Admission Control Plugin
  To ensure <code>ServiceAccount</code> objects must be created and granted before pod creation is allowed, follow the documentation and create <code>ServiceAccount</code> objects as per your environ...
  Rule, Medium Severity
- Ensure that anonymous requests to the API Server are authorized
  By default, anonymous access to the OpenShift API is enabled, but at the same time, all requests must be authorized. If no authentication mechanism is used, the request is assigned the <code>system...
  Rule, Medium Severity