[PSUPCLPL-13377] - Guide For OAuth2 authorization in Kubernetes #574

Merged: 11 commits, Mar 20, 2024

pranavcracker (Collaborator) commented Dec 12, 2023

Description

  • We use kube-bench to make KubeMarine CIS aligned. Some of the improvements are not supported in source code and could be applied manually.
  • The suggested improvements have been reproduced
  • Some additional observations in the CIS scan which need to be added in the hardening guide

Solution

  • Update the guide (hardening) in KubeMarine documentation

How to apply

Not applicable

Test Plan

After applying the changes mentioned in this PR, run the kube-bench scan and verify the result for identifier 3.1.2

  • Log in to one of the master nodes of the cluster on which it is going to be tested
  • Download the kube-bench_0.6.17_linux_amd64 package from https://github.com/aquasecurity/kube-bench
  • Install the downloaded package using sudo dpkg -i kube-bench_0.6.17_linux_amd64.deb
  • Run the scan using the command kube-bench and check for identifier 3.1.2

Checklist

  • I have made corresponding changes to the documentation
  • Integration CI passed
  • There are no merge conflicts
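
The verification step in the test plan above, sketched as an added example that is not part of this PR or of KubeMarine: it reads two kube-bench JSON reports (for instance saved with `kube-bench --json` before and after the change) and reports how the status of check 3.1.2 moved, treating a check that is absent from a scan as NOT_RUN rather than as a pass. The report layout (`Controls` → `tests` → `results` with `test_number` and `status`) is an assumption about kube-bench's JSON output, and the sample reports and their statuses are constructed, not real scan results.

```python
import json


def _results(report):
    """Yield result dicts from {"Controls": [...]} or from a bare list of controls."""
    controls = (report.get("Controls") or []) if isinstance(report, dict) else report
    for control in controls:
        for group in control.get("tests") or []:
            yield from group.get("results") or []


def statuses(report_text):
    """Map check id -> status for every result found in one JSON report."""
    return {
        r["test_number"]: r.get("status", "UNKNOWN")
        for r in _results(json.loads(report_text))
        if "test_number" in r
    }


def compare(before_text, after_text, check_id="3.1.2"):
    """Return (before, after) status for check_id; NOT_RUN when a scan lacks it."""
    before, after = statuses(before_text), statuses(after_text)
    return before.get(check_id, "NOT_RUN"), after.get(check_id, "NOT_RUN")


def _sample(status_by_id):
    """Build a constructed report in the assumed layout (not real scan output)."""
    results = [
        {"test_number": cid, "test_desc": "constructed", "status": status}
        for cid, status in status_by_id.items()
    ]
    return json.dumps(
        {"Controls": [{"id": "3", "tests": [{"section": "3.1", "results": results}]}]}
    )


# Constructed inputs standing in for the scans taken before and after the change.
BEFORE = _sample({"3.1.1": "WARN", "3.1.2": "WARN"})
AFTER = _sample({"3.1.1": "WARN", "3.1.2": "PASS"})

if __name__ == "__main__":
    old, new = compare(BEFORE, AFTER)
    print(f"3.1.2: {old} -> {new}")
```
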

@pranavcracker pranavcracker changed the title Cis compliance [PSUPCLPL-13377] - Guide For OAuth2 authorization in Kubernetes Dec 12, 2023
@pranavcracker pranavcracker added the documentation label Dec 12, 2023
@pranavcracker pranavcracker marked this pull request as ready for review December 12, 2023 10:54
alexarefev (Collaborator) commented Jan 11, 2024

Hi @pranavcracker!
Let's make it more generic. Basically, we need only common advice on which services could be used and which changes should be applied to the Kubernetes control plane to prevent potential security issues according to CIS warnings.

@pranavcracker pranavcracker marked this pull request as draft March 1, 2024 09:09
@pranavcracker pranavcracker marked this pull request as ready for review March 12, 2024 07:47
@koryaga koryaga requested a review from shmo1218 March 20, 2024 06:42
koryaga (Contributor) commented Mar 20, 2024

@shmo1218 pls update

shmo1218 (Contributor) left a comment

The doc review is done.

@koryaga koryaga merged commit 13f331b into main Mar 20, 2024
36 checks passed
@koryaga koryaga deleted the CIS-Compliance branch March 20, 2024 10:09