-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding OCP 3.11
- Loading branch information
pthomson
authored and
pthomson
committed
Jun 17, 2019
1 parent
ec9779f
commit 2275eea
Showing
5 changed files
with
1,970 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
## Version-specific settings that override the values in cfg/config.yaml | ||
|
||
master: | ||
apiserver: | ||
bins: | ||
- openshift start master api | ||
- hypershift openshift-kube-apiserver | ||
|
||
scheduler: | ||
bins: | ||
- "openshift start master controllers" | ||
confs: | ||
- /etc/origin/master/scheduler.json | ||
|
||
controllermanager: | ||
bins: | ||
- "openshift start master controllers" | ||
|
||
etcd: | ||
bins: | ||
- openshift start etcd | ||
|
||
node: | ||
proxy: | ||
bins: | ||
- openshift start network |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
--- | ||
controls: | ||
id: 3 | ||
text: "Federated Deployments" | ||
type: "federated" | ||
groups: | ||
- id: 3.1 | ||
text: "Federated API Server" | ||
checks: | ||
- id: 3.1.1 | ||
text: "Ensure that the --anonymous-auth argument is set to false (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.2 | ||
text: "Ensure that the --basic-auth-file argument is not set (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.3 | ||
text: "Ensure that the --insecure-allow-any-token argument is not set (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.4 | ||
text: "Ensure that the --insecure-bind-address argument is not set (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.5 | ||
text: "Ensure that the --insecure-port argument is set to 0 (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.6 | ||
text: "Ensure that the --secure-port argument is not set to 0 (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.7 | ||
text: "Ensure that the --profiling argument is set to false (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.8 | ||
text: "Ensure that the admission control policy is not set to AlwaysAdmit (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.9 | ||
text: "Ensure that the admission control policy is set to NamespaceLifecycle (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.10 | ||
text: "Ensure that the --audit-log-path argument is set as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.11 | ||
text: "Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.12 | ||
text: "Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.13 | ||
text: "Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.14 | ||
text: "Ensure that the --authorization-mode argument is not set to AlwaysAllow (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.15 | ||
text: "Ensure that the --token-auth-file parameter is not set (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.16 | ||
text: "Ensure that the --service-account-lookup argument is set to true (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.17 | ||
text: "Ensure that the --service-account-key-file argument is set as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.18 | ||
text: "Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
- id: 3.1.19 | ||
text: "Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
||
|
||
- id: 3.2 | ||
text: "Federation Controller Manager" | ||
checks: | ||
- id: 3.2.1 | ||
text: "Ensure that the --profiling argument is set to false (Scored)" | ||
type: "skip" | ||
scored: true | ||
|
Oops, something went wrong.