Commit f670f305 authored by Diogo Filipe Tomas Guerra

Ensure kube-apiserver TLS connection to etcd server

Improve kube-bench remediations 1.2.26 and 1.2.29

Change-Id: I8349265d0fc23513a96328669debe5b554db4df6
parent d88ab62f
......@@ -311,6 +311,7 @@ KUBE_API_ADDRESS="--bind-address=0.0.0.0 --secure-port=$KUBE_API_PORT"
KUBE_API_ARGS="$KUBE_API_ARGS --authorization-mode=Node,RBAC --tls-cert-file=$CERT_DIR/server.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --tls-private-key-file=$CERT_DIR/server.key"
KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --etcd-cafile=$CERT_DIR/ca.crt --etcd-certfile=$CERT_DIR/server.crt --etcd-keyfile=$CERT_DIR/server.key"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-signing-key-file=${CERT_DIR}/service_account_private.key"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-issuer=https://kubernetes.default.svc.cluster.local"
......
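Review bot: The line carrying --etcd-certfile=$CERT_DIR/server.crt and --etcd-keyfile=$CERT_DIR/server.key reuses the same pair that --tls-cert-file and --tls-private-key-file are given a few lines above, so the API server's serving identity doubles as its etcd client identity. Consider issuing a dedicated client certificate and key for the etcd connection, so that the etcd credential can be rotated or revoked without touching the serving certificate and so that the serving key is not also an etcd credential. If server.crt stays in use here, confirm that any extended key usage on it allows client authentication, otherwise etcd will reject the handshake. The hunk does not show --etcd-servers, so it is also worth checking that the endpoints there are https:// URLs, since these three flags only matter for TLS endpoints, and that etcd itself is set to require client certificates signed by this ca.crt. Minor style point: this line uses $CERT_DIR while the service-account lines below use ${CERT_DIR}; pick one form for the file.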