NDEV-20011 : adding CIS GKE-1.6.0 benchmarks

nirmata · Aug 16, 2024 · 75ead54 · 75ead54
1 parent 01ea8f8
commit 75ead54
Show file tree

Hide file tree

Showing 6 changed files with 1,323 additions and 0 deletions.
diff --git a/cfg/gke-1.6.0/config.yaml b/cfg/gke-1.6.0/config.yaml
@@ -0,0 +1,2 @@
+---
+## Version-specific settings that override the values in cfg/config.yaml
diff --git a/cfg/gke-1.6.0/controlplane.yaml b/cfg/gke-1.6.0/controlplane.yaml
@@ -0,0 +1,35 @@
+---
+controls:
+version: "gke-1.6.0"
+id: 2
+text: "Control Plane Configuration"
+type: "controlplane"
+groups:
+  - id: 2.1
+    text: "Authentication and Authorization"
+    checks:
+      - id: 2.1.1
+        text: "Client certificate authentication should not be used for users (Manual)"
+        type: "manual"
+        remediation: |
+          Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
+          implemented in place of client certificates.
+          You can remediate the availability of client certificates in your GKE cluster. See
+          Recommendation 5.8.1.
+        scored: false
+
+  - id: 2.2
+    text: "Logging"
+    type: skip
+    checks:
+      - id: 2.2.1
+        text: "Ensure that a minimal audit policy is created (Manual)"
+        type: "manual"
+        remediation: "This control cannot be modified in GKE."
+        scored: false
+
+      - id: 2.2.2
+        text: "Ensure that the audit policy covers key security concerns (Manual)"
+        type: "manual"
+        remediation: "This control cannot be modified in GKE."
+        scored: false