removed Known Scored Control Failures, updated NetworkPolicy, added to cluster.yml example

Nelson Roberts
2020-03-17 09:19:10 -07:00
parent 6c494d553c
commit 4373346bdc
3 changed files with 5 additions and 6 deletions
@@ -29,12 +29,6 @@ Scoring the commands is different in Rancher Labs than in the CIS Benchmark. Whe
When performing the tests, you will need access to the Docker command line on the hosts of all three RKE roles. The commands also make use of the the `jq` command to provide human-readable formatting.
#### Known Scored Control Failures
The following scored controls do not currently pass, and Rancher Labs is working towards addressing these through future enhancements to the product.
- 1.1.21 - Ensure that the `--kubelet-certificate-authority` argument is set as appropriate (Scored)
### Controls
---
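Review bot: Deleting the "Known Scored Control Failures" section, including the 1.1.21 `--kubelet-certificate-authority` entry, is not accompanied by any change to the 1.1.21 control itself in this file: the commit totals six deletions and all six are in this hunk. Please confirm that the 1.1.21 entry under "Controls" already shows a passing audit and expected result, and state there which cluster setting the pass depends on, so that someone scoring a cluster built from an older cluster.yml understands why it still fails. Minor: the context line above the removed heading still reads "make use of the the `jq` command".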
@@ -118,6 +118,10 @@ metadata:
name: default-allow-all
spec:
podSelector: {}
ingress:
- {}
egress:
- {}
policyTypes:
- Ingress
- Egress
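Review bot: With the added `ingress: - {}` and `egress: - {}` rules, the empty `podSelector: {}` makes this policy allow all traffic to and from every pod in the namespace, so it provides no isolation at all. The surrounding text should say that explicitly and tell operators to add restrictive policies for workloads that need them. The commit message should also record that this is a behaviour fix and not a cosmetic update: a policy that lists both `policyTypes` but carries no rules selects every pod and denies all ingress and egress, the opposite of what the name `default-allow-all` promises.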
@@ -1266,6 +1266,7 @@ services:
anonymous-auth: "false"
feature-gates: "RotateKubeletServerCertificate=true"
tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"
generate_serving_certificate: true
kube-api:
pod_security_policy: true
extra_args:
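Review bot: `generate_serving_certificate: true` is an RKE kubelet option and not a kubelet flag, so it has to be a sibling of `extra_args` under `kubelet`, not another entry in the `extra_args` map next to `tls-cipher-suites`; please check the indentation in the source file, since this view does not preserve it. A short comment in the example naming the control it addresses (presumably 1.1.21, which this commit drops from the known failures) would help readers, as would a sentence on what an existing cluster must do for the setting to take effect before the control is rescored.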