Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
- Namespaces exempt of Network Policies
  Namespaces regular expression explicitly allowed through network policy filters, e.g. setting value to "namespace1|namespace2" will exempt namespace "namespace1" and "namespace2" for network polici...
  Value

- Ensure that cluster-wide proxy is set
  Production environments can deny direct access to the Internet and instead have an HTTP or HTTPS proxy available. The Proxy object is used to manage the cl...
  Rule, Medium Severity

- Ensure that all Routes has IP whitelist annotation
  OpenShift has an option to set the IP whitelist for Routes [1] when creating new Routes. All routes outside the openshift namespaces and the kube namespaces should use the IP whitelist annotations...
  Rule, Medium Severity

- Configure the OpenShift API Server Maximum Retained Audit Logs
  To configure how many rotations of audit logs are retained, edit the openshift-apiserver configmap and set the audit-log-maxbackup parameter to 10 or to an or...
  Rule, Low Severity

- Ensure roles are defined in the cluster
  RBAC is a critical feature in terms of security for Kubernetes and OpenShift. It enables administrators to segment the privileges granted to a service account, and thus allows us...
  Rule, Medium Severity