Comment 0 for bug 1841262

Kevin W Monroe (kwmonroe) wrote : snap config for kube-bench conformance

kube-bench is a convenient tool to check if K8s is deployed according to the CIS K8s benchmarks for security best practices:

https://blog.aquasec.com/kubernetes-security-cis-benchmarks

Currently, this tool makes assumptions about binary and config file locations that are not congruent with snap-based component installation. This leads to multiple false positives, making it easy to miss actual configuration problems. There's an upstream PR to address this:

https://github.com/aquasecurity/kube-bench/pull/389

When a snap-based config is used, there are valid issues with the default configuration of K8s snaps used in Charmed Kubernetes. Let's use this bug to address those.