Merge branch 'master' into Config-doc

81f0d9c6 · Liz Rice · GitHub · df357751 · 312cdb1c · 81f0d9c6
Unverified Commit 81f0d9c6 authored 6 years ago by Liz Rice Committed by GitHub 6 years ago
--- a/README.md
+++ b/README.md
@@ -5,7 +5,9 @@

 <img src="images/kube-bench.png" width="200" alt="kube-bench logo">

-kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
+kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/). 
+
+Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.

 Tests are configured with YAML files, making this tool easy to update as test specifications evolve.


--- a/cfg/ocp-3.10/config.yaml
+++ b/cfg/ocp-3.10/config.yaml
@@ -4,7 +4,18 @@
 master:
  apiserver:
    bins:
+      - openshift start master api
      - hypershift openshift-kube-apiserver
+     
+  scheduler:
+    bins:
+      - "openshift start master controllers"
+    confs:
+      - /etc/origin/master/scheduler.json
+
+  controllermanager:
+    bins:
+      - "openshift start master controllers"

  etcd:
    bins: