Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure that the bind-address parameter is not used
The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticatio...Rule Medium Severity -
Ensure that the port parameter is zero
The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticatio...Rule Medium Severity -
Kubernetes Secrets Management
Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Such information might otherwise be put in a...Group -
Verify User Who Owns The Worker Kubeconfig File
To properly set the owner of/var/lib/kubelet/kubeconfig
, run the command:$ sudo chown root /var/lib/kubelet/kubeconfig
Rule Medium Severity -
Consider external secret storage
Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secre...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules