
Add multiple kube-bench suggested modifications

Diogo Filipe Tomas Guerra requested to merge kube-bench-updates into cern/train

All commits come from upstream contributed merge requests:

  • 5ca33ee9 [cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.
    • Set shorter apiserver timeout (from 60s to 10s)
    • decrease number of terminated pods to GC
    • Disallow anonymous auth
  • ed7b8a3c [cern] Fix kube-bench 1.2.32 and 4.2.13
    • set TLS cipher suites to use on kubelet and apiserver
  • d6f950f7 [cern] Ensure kube-apiserver TLS connection to etcd server
    • set keys and certificates to use for connection with etcd server
  • 303e6777 [cern] Add kube-bench disable profiling
    • disable profiling on kubernetes control plane components

Closes: https://gitlab.cern.ch/kubernetes/project/-/issues/251

Edited by Diogo Filipe Tomas Guerra
