aboutsummaryrefslogtreecommitdiffstats
path: root/docker/security
diff options
context:
space:
mode:
authorCédric Ollivier <cedric.ollivier@orange.com>2020-09-13 14:53:26 +0200
committerCédric Ollivier <cedric.ollivier@orange.com>2020-09-13 17:01:01 +0200
commit258f2cadea3381f7625451b741280fa66f9cb020 (patch)
tree75132eb6ec7d1f2672ddfa7c3493ae9315fb2065 /docker/security
parentfb8a8bf7bcbab47d740271ef546127216a36d8fd (diff)
Split kube-bench master and node
The former deployment asked for all-in-one. Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit bced94b6fe24c7e939fb22834deb77477e4a9bb9)
Diffstat (limited to 'docker/security')
-rw-r--r--docker/security/testcases.yaml28
1 files changed, 22 insertions, 6 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
index e5423a47..c4f7e69b 100644
--- a/docker/security/testcases.yaml
+++ b/docker/security/testcases.yaml
@@ -2,7 +2,6 @@
tiers:
-
name: security
- ci_loop: '(daily)|(weekly)'
description: >-
Set of basic security tests.
testcases:
@@ -15,17 +14,34 @@ tiers:
Check that the kubernetes cluster has no known
vulnerabilities
run:
- name: 'kube_hunter'
+ name: kube_hunter
args:
severity: high
-
- case_name: kube_bench
+ case_name: kube_bench_master
project_name: functest
criteria: 100
blocking: false
description: >-
- Check that the kubernetes cluster has no known
- vulnerabilities
+ Checks whether Kubernetes is deployed securely by running
+ the master checks documented in the CIS Kubernetes
+ Benchmark.
run:
- name: 'kube_bench'
+ name: kube_bench
+ args:
+ target: master
+
+ -
+ case_name: kube_bench_node
+ project_name: functest
+ criteria: 100
+ blocking: false
+ description: >-
+ Checks whether Kubernetes is deployed securely by running
+ the node checks documented in the CIS Kubernetes
+ Benchmark.
+ run:
+ name: kube_bench
+ args:
+ target: node