Kubernetes

TEMPLATE kubernetes_machine_config_file
Macro which generates Kubernetes remediation in MachineConfig format:
  • path (String): Path to the configuration file.

  • file_permissions_mode (String): File permissions to be applied to the file represented by path argument

  • source_content (String): The source of the content to be applied.

kubernetes_machine_config_file(path=’’, file_permissions_mode=’’, source=’’)

TEMPLATE kubernetes_machine_config_file_with_dependencies

Macro which generates Kubernetes remediation in MachineConfig format with dependencies reflected:

  • path (String): Path to the configuration file.

  • file_permissions_mode (String): File permissions to be applied to the file represented by path argument

  • source_content (String): The source of the content to be applied.

  • deps (list): The list of dependencies for this remediation to be applies (they’re XCCDF IDs)

  • ocp_version_deps (String): States that the remediation needs a certain OpenShift version range to work

  • k8s_version_deps (String): States that the remediation needs a certain Kubernetes version range to work

kubernetes_machine_config_file_with_dependencies(path=’’, file_permissions_mode=’’, source=’’, deps=[], ocp_version_range=’’, k8s_version_range=’’)

TEMPLATE kubernetes_machine_config_file_with_required_value

Macro which generates Kubernetes remediation in MachineConfig format with required value

  • path (String): Path to the configuration file.

  • file_permissions_mode (String): File permissions to be applied to the file represented by path argument

  • source_content (String): The source of the content to be applied.

  • vals (list): The list of required values for this remediation to be applies for example: var_something

kubernetes_machine_config_file_with_required_value(path=’’, file_permissions_mode=’’, source=’’, vals=[])

TEMPLATE kubernetes_sshd_set

High level macro to generate Kubernetes remediation to set the ssh daemon configuration file.

kubernetes_sshd_set()

TEMPLATE kubernetes_usbguard_set

High level macro to generate Kubernetes remediation to set the usbguard daemon configuration file.

kubernetes_usbguard_set(deps=[])

TEMPLATE kubernetes_machineconfig_audit_add_syscall_rule

Macro to generate MachineConfig adding an auditd rule for syscall watching

kubernetes_machineconfig_audit_add_syscall_rule(path=’’, syscalls=[], key=’’, fields=’’)

TEMPLATE kubernetes_machineconfig_ospp_audit_rules

Macro to generate MachineConfig setting OSPP audit rules

kubernetes_machineconfig_ospp_audit_rules()

TEMPLATE kubernetes_machineconfig_logrotate_config

Macro to generate MachineConfig setting our recommended logrotate.conf

kubernetes_machineconfig_logrotate_config()

TEMPLATE kubernetes_machineconfig_auditd_config

Macro to generate MachineConfig setting our recommended auditd.conf

kubernetes_machineconfig_auditd_config()

TEMPLATE kubernetes_machineconfig_chrony_config

Macro to generate MachineConfig setting our recommended chrony.conf

kubernetes_machineconfig_chrony_config()

TEMPLATE api_server_config
Macro which generates Kubernetes remediation in APIServer format:
  • path (String): path for the variable

  • parameter (String): name of the variable to be set

  • value (String): xccdf vairable name to that varaiable

api_server_config(path=’’,parameter=’’, value=’’)

TEMPLATE kubelet_config
Macro which generates Kubernetes remediation in kubelet config format:
  • path (String): path for the variable

  • parameter (String): name of the variable to be set

  • value (String): xccdf vairable name to that varaiable

kubelet_config(path=’’, parameter=’’, value=’’)

TEMPLATE kubelet_config_fixed
Macro which generates Kubernetes remediation in kubelet config format:
  • path (String): path for the variable

  • parameter (String): name of the variable to be set

  • value (String): the fixed value to that varaiable

kubelet_config_fixed(path=’’, parameter=’’, value=’’)