CIS K8s boolean cli arguments rules perform case sensitive check #2007
Assignees
Labels
8.15 candidate
bug
Something isn't working
good first issue
Good for newcomers
Team:Cloud Security
Cloud Security team related
Comments
moukoublen
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
CIS K8s rules:
1.2.18: Verify that the--profilingargument is set tofalseforkube-apiserver.1.3.2: Verify that the--profilingargument is set tofalseforkube-controller-manager.1.4.1: Verify that the--profilingargument is set tofalseforkube-scheduler.2.2: Verify that the--client-cert-authargument is set totrueforetcd.Evaluate to fail when the boolean values are
True/False.Preconditions
A k8s cluster with updated the mentioned arguments in control plane to have
True/Falsevalue.Config files:
/etc/kubernetes/manifests/kube-apiserver.yaml/etc/kubernetes/manifests/kube-controller-manager.yaml/etc/kubernetes/manifests/kube-scheduler.yaml/etc/kubernetes/manifests/etcd.yamlTo Reproduce
Write the exact actions one should perform in order to reproduce the bug.
Steps to reproduce the behavior:
Expected behavior
Those rules should pass with boolean values in this format
True/False.Technically the cli boolean flag parsing happens with
strconv.ParseBoolin all cases.strconv.ParseBoolaccepts these values:"1","t","T","true","TRUE","True"astrue"0","f","F","false","FALSE","False"asfalseThe text was updated successfully, but these errors were encountered: