Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Each Namespace should only host one application
Use namespaces to isolate your Kubernetes objects.Rule Medium Severity -
Create Network Boundaries between Functional Different Nodes
Use different Networks for Control Plane, Worker and Individual Application Services.Rule Medium Severity -
Create Boundaries between Resources using Nodes or Clusters
Use Nodes or Clusters to isolate Workloads with high protection requirements. Run the following command and review the pods and how they are deployed on Nodes. <pre>$ oc get pod -o=custom-columns=...Rule Medium Severity -
Ensure that the LifecycleAndUtilization Profile for the Kube Descheduler Operator is Enabled
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod should run for more than 24 hours. The availability ...Rule Medium Severity -
Ensure that the Kube Descheduler operator is deployed
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod should run for more than 24 hours. The availability ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules