/openshift-origin-sandbox

openshift origin travisci CIS K8s Benchmark kube-bench smoke tests(jenkins pipelines)

GNU General Public License v3.0GPL-3.0

openshift-origin-sandbox

Travis (.com) master branch: Build Status

travisci test branch
https://docs.travis-ci.com/user/deployment-v2/providers/openshift/

smoke tests

Basic Pipeline
Maven Slave Example
Blue Green Deployment Example
NodeJS (and Declarative) Pipeline Example

OpenShift 3 Jenkins Example
https://github.com/openshift/origin/tree/master/examples/jenkins
Using Jenkins Pipelines with OKD
https://github.com/openshift/origin/tree/master/examples/jenkins/pipeline

CIS Kubernetes Benchmark - kube-bench

== Remediations ==

7.9 Reset to the OpenShift defaults

7.12 Reset to the OpenShift default values.

7.14 Edit the Openshift node config file /etc/origin/node/node-config.yaml and set RotateKubeletClientCertificate to true.

7.15 Edit the Openshift node config file /etc/origin/node/node-config.yaml and set RotateKubeletServerCertificate to true.

8.1 Run the below command on each worker node.

chmod 644 /etc/origin/node/node.kubeconfig

8.2

8.3 Run the below command on each worker node.

chmod 644 $nodesvc

8.4

8.5 Run the below command on each worker node.

chmod 644 /etc/origin/node/node.kubeconfig

8.6

8.7 Run the below command on each worker node.

chmod 644 /etc/origin/node/client-ca.crt

8.8

== Summary ==

7 checks PASS

8 checks FAIL

4 checks WARN

4 checks INFO

The command "./kube-bench --version ocp-3.11" exited with 0.

CIS Kubernetes benchmark
https://docs.docker.com/compliance/cis/k8s/
kube-bench
https://github.com/aquasecurity/kube-bench
An objective, consensus-driven security guideline for the Kubernetes Server Software
https://www.cisecurity.org/benchmark/kubernetes/
An objective, consensus-driven security guideline for the Microsoft Azure Cloud Providers.
https://www.cisecurity.org/benchmark/azure/