Ensure that project config references a project template

An XCCDF Rule

Description

The OpenShift Container Platform API server automatically provisions new projects based on the project template that is identified by the projectRequestTemplate parameter in the cluster’s project configuration resource. As a cluster administrator, you can modify the default project template so that new projects created would satisfy the chosen compliance standards. For more information, follow the relevant documentation.

warning alert: Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API, retrieve the /apis/config.openshift.io/v1/projects/cluster API endpoint to the local /apis/config.openshift.io/v1/projects/cluster file.

Rationale

Ensuring that the project configuration references a project template that sets up the required objects for new projects ensures that all new projects will be set in accordance with centralized settings.

ID: xccdf_org.ssgproject.content_rule_project_config_has_template
Severity: Medium
References: AC-4 SC-5 SC-5(1)

SRG-APP-000039-CTR-000110 SRG-APP-000246-CTR-000605 SRG-APP-000435-CTR-001070

CCE-86172-4
Updated: about 1 year ago

---
apiVersion: config.openshift.io/v1
kind: Project
metadata:
  name: cluster
spec:  projectRequestTemplate:
    name: co-project-request

Ensure that project config references a project template

Description

Rationale

Remediation - Kubernetes Patch