Kubernetes
- TEMPLATE kubernetes_machine_config_file
- Macro which generates Kubernetes remediation in MachineConfig format:
path (String): Path to the configuration file.
file_permissions_mode (String): File permissions to be applied to the file represented by path argument
source_content (String): The source of the content to be applied.
kubernetes_machine_config_file(path=’’, file_permissions_mode=’’, source=’’)
- TEMPLATE kubernetes_machine_config_file_with_dependencies
Macro which generates Kubernetes remediation in MachineConfig format with dependencies reflected:
path (String): Path to the configuration file.
file_permissions_mode (String): File permissions to be applied to the file represented by path argument
source_content (String): The source of the content to be applied.
deps (list): The list of dependencies for this remediation to be applies (they’re XCCDF IDs)
ocp_version_deps (String): States that the remediation needs a certain OpenShift version range to work
k8s_version_deps (String): States that the remediation needs a certain Kubernetes version range to work
kubernetes_machine_config_file_with_dependencies(path=’’, file_permissions_mode=’’, source=’’, deps=[], ocp_version_range=’’, k8s_version_range=’’)
- TEMPLATE kubernetes_machine_config_file_with_required_value
Macro which generates Kubernetes remediation in MachineConfig format with required value
path (String): Path to the configuration file.
file_permissions_mode (String): File permissions to be applied to the file represented by path argument
source_content (String): The source of the content to be applied.
vals (list): The list of required values for this remediation to be applies for example: var_something
kubernetes_machine_config_file_with_required_value(path=’’, file_permissions_mode=’’, source=’’, vals=[])
- TEMPLATE kubernetes_sshd_set
High level macro to generate Kubernetes remediation to set the ssh daemon configuration file.
kubernetes_sshd_set()
- TEMPLATE kubernetes_usbguard_set
High level macro to generate Kubernetes remediation to set the usbguard daemon configuration file.
kubernetes_usbguard_set(deps=[])
- TEMPLATE kubernetes_machineconfig_audit_add_syscall_rule
Macro to generate MachineConfig adding an auditd rule for syscall watching
kubernetes_machineconfig_audit_add_syscall_rule(path=’’, syscalls=[], key=’’, fields=’’)
- TEMPLATE kubernetes_machineconfig_ospp_audit_rules
Macro to generate MachineConfig setting OSPP audit rules
kubernetes_machineconfig_ospp_audit_rules()
- TEMPLATE kubernetes_machineconfig_logrotate_config
Macro to generate MachineConfig setting our recommended logrotate.conf
kubernetes_machineconfig_logrotate_config()
- TEMPLATE kubernetes_machineconfig_auditd_config
Macro to generate MachineConfig setting our recommended auditd.conf
kubernetes_machineconfig_auditd_config()
- TEMPLATE kubernetes_machineconfig_chrony_config
Macro to generate MachineConfig setting our recommended chrony.conf
kubernetes_machineconfig_chrony_config()
- TEMPLATE api_server_config
- Macro which generates Kubernetes remediation in APIServer format:
path (String): path for the variable
parameter (String): name of the variable to be set
value (String): xccdf vairable name to that varaiable
api_server_config(path=’’,parameter=’’, value=’’)
- TEMPLATE kubelet_config
- Macro which generates Kubernetes remediation in kubelet config format:
path (String): path for the variable
parameter (String): name of the variable to be set
value (String): xccdf vairable name to that varaiable
kubelet_config(path=’’, parameter=’’, value=’’)
- TEMPLATE kubelet_config_fixed
- Macro which generates Kubernetes remediation in kubelet config format:
path (String): path for the variable
parameter (String): name of the variable to be set
value (String): the fixed value to that varaiable
kubelet_config_fixed(path=’’, parameter=’’, value=’’)