Fix the kube-bench 1.1.19 to enhance security #9937
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: yankay
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
- "{{ kube_manifest_dir }}" | ||
- "{{ kube_script_dir }}" | ||
- "{{ kubelet_flexvolumes_plugins_dir }}" | ||
|
||
- name: Create kubernetes cert directories |
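Review bot: the new "- name: Create kubernetes cert directories" entry at the end of this fragment starts a separate task directly after an existing directory list ("kube_manifest_dir", "kube_script_dir", "kubelet_flexvolumes_plugins_dir"), and its name does not say how it differs from that one. If the difference is ownership, state it in the task name and set owner and group explicitly in the task, so the intent stays visible when the directory tasks are next reorganized.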
Hmm, I think the "Create other directories" task just below also does that, maybe it should be created there?
That is a nice point.
We just need to move {{ kube_cert_dir }} into the existing "Create other directories" task.
It is better to rename the "Create other directories" task to "Create other directories of root owner" or something to clarify what is different from the "Create kubernetes directories" task.
/cc @oomichi
ff175af to df3b62d
Thanks @oomichi @MrFreezeex, it has been changed :-)
Thanks for updating. /lgtm
What type of PR is this?
What this PR does / why we need it:
Fix kube-bench check Fail 1.1.19
Ref to https://github.com/aquasecurity/kube-bench/blob/main/cfg/cis-1.24/master.yaml#L268
Which issue(s) this PR fixes:
Fixes #9933
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
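
A way to confirm the effect of this change on a node, as an added example that is not part of the PR or of Kubespray: kube-bench check 1.1.19 concerns root:root ownership of the Kubernetes PKI directory and the files in it, and the function below lists every path that fails that condition. The function name `pki_owner_violations` and the directory argument are assumptions; pass the certificate directory the node actually uses.

```shell
#!/bin/sh
# Added example (not Kubespray or kube-bench code).
# Lists every path under a certificate directory whose numeric owner:group
# differs from the expected one. 0:0 is root:root.
# Assumes a stat that supports -c (GNU coreutils).

# pki_owner_violations DIR [UID:GID]
#   prints "uid:gid path" for each offending path
#   returns 0 if none, 1 if any, 2 if DIR is not a directory
pki_owner_violations() {
    dir=$1
    want=${2:-0:0}

    # A missing directory must not be reported as a pass.
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # The directory itself is included, not only its contents.
    # stat without -L reports a symlink's own ownership, not its target's.
    bad=$(find "$dir" -exec stat -c '%u:%g %n' {} + |
          awk -v want="$want" '$1 != want')

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Stand-alone use: sh check.sh <cert-dir> [uid:gid]
[ "$#" -eq 0 ] || pki_owner_violations "$@"
```

A non-zero exit status makes the function usable as a post-deploy gate; the printed lines show which paths still need their owner changed.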