articles/operator-nexus/concepts-security.md
Lines changed: 6 additions & 6 deletions
@@ -72,8 +72,8 @@ Environmental controls such as RBAC and Service Account tests aren't evaluated b
72
72
|V-242386|The Kubernetes API server must have the insecure port flag disabled|NTF|This check is deprecated in v1.24.0 and greater|
73
73
|V-242397|The Kubernetes kubelet staticPodPath must not enable static pods|NTF|Only enabled for control nodes, required for kubeadm|
74
74
|V-242403|Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event|NTF|Certain API requests and responses contain secrets and therefore aren't captured in the audit logs|
75
-
|V-242424|Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service|NTF|Kubelet SANS contains hostname only|
76
-
|V-242425|Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.|NTF|Kubelet SANS contains hostname only|
75
+
|V-242424|Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service|NTF|Kubelet SANs contains hostname only|
76
+
|V-242425|Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.|NTF|Kubelet SANs contains hostname only|
77
77
|V-242434|Kubernetes Kubelet must enable kernel protection.|NTF|Enabling kernel protection isn't feasible for kubeadm in Nexus|
78
78
79
79
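Review bot: In the added V-242424 and V-242425 rows the comment reads "Kubelet SANs contains hostname only"; with the plural "SANs" the verb should be "contain". While these cells are being touched, consider spelling the term out once, for example "subject alternative names (SANs)", and stating why a hostname-only SAN list leaves the check at NTF, so the comment is as self-explanatory as the neighbouring rows ("This check is deprecated in v1.24.0 and greater", "Only enabled for control nodes, required for kubeadm").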
@@ -86,8 +86,8 @@ Environmental controls such as RBAC and Service Account tests aren't evaluated b
86
86
|V-242386|The Kubernetes API server must have the insecure port flag disabled|NTF|This check is deprecated in v1.24.0 and greater|
87
87
|V-242397|The Kubernetes kubelet staticPodPath must not enable static pods|NTF|Only enabled for control nodes, required for kubeadm|
88
88
|V-242403|Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event|NTF|Certain API requests and responses contain secrets and therefore aren't captured in the audit logs|
89
-
|V-242424|Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service|NTF|Kubelet SANS contains hostname only|
90
-
|V-242425|Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.|NTF|Kubelet SANS contains hostname only|
89
+
|V-242424|Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service|NTF|Kubelet SANs contains hostname only|
90
+
|V-242425|Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.|NTF|Kubelet SANs contains hostname only|
91
91
|V-242434|Kubernetes Kubelet must enable kernel protection.|NTF|Enabling kernel protection isn't feasible for kubeadm in Nexus|
92
92
93
93
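Review bot: The two added rows end their requirement text differently: V-242424 reads "...to secure service" with no full stop and V-242425 reads "...to secure service." with one; pick one form for both. These rows are identical to the pair changed at lines 75-76, so whatever wording is settled on there should be applied here in the same commit so the two tables do not drift apart.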
@@ -110,7 +110,7 @@ As a secure service, Azure Kubernetes Service (AKS) complies with SOC, ISO, PCI
110
110
|1.1|Control Plane Node Configuration Files|||
111
111
|1.1.12|Ensure that the etcd data directory ownership is set to `etcd:etcd`|NTF|Nexus is `root:root`, etcd user isn't configured for kubeadm|
112
112
|1.2|API Server|||
113
-
|1.1.12|Ensure that the `--kubelet-certificate-authority` argument is set as appropriate|NTF|Kubelet SANS includes hostname only|
113
+
|1.1.12|Ensure that the `--kubelet-certificate-authority` argument is set as appropriate|NTF|Kubelet SANs includes hostname only|
114
114
115
115
116
116
*Nexus Kubernetes Cluster*
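Review bot: The changed `--kubelet-certificate-authority` row keeps the ID 1.1.12, which is also the ID of the etcd data directory row two lines above it and does not fit under the "1.2 API Server" heading it sits beneath. Since this line is being edited anyway, check the ID against the benchmark and correct it in the same change. "Kubelet SANs includes hostname only" should also read "include".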
@@ -123,7 +123,7 @@ As a secure service, Azure Kubernetes Service (AKS) complies with SOC, ISO, PCI
123
123
|1.1|Control Plane Node Configuration Files|||
124
124
|1.1.12|Ensure that the etcd data directory ownership is set to `etcd:etcd`|NTF|Nexus is `root:root`, etcd user isn't configured for kubeadm|
125
125
|1.2|API Server|||
126
-
|1.1.12|Ensure that the `--kubelet-certificate-authority` argument is set as appropriate|NTF|Kubelet SANS includes hostname only|
126
+
|1.1.12|Ensure that the `--kubelet-certificate-authority` argument is set as appropriate|NTF|Kubelet SANs includes hostname only|
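Review bot: This row repeats the duplicated 1.1.12 ID under the "1.2 API Server" heading seen in the table at line 113, so it needs the same correction. The wording also differs between tables within this commit: "Kubelet SANs includes hostname only" here versus "Kubelet SANs contains hostname only" in the V-242424 and V-242425 rows; use one phrasing throughout.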