GO-2022-0995: Talos worker join token can be used to get elevated access level to the Talos API in github.com/talos-systems/talos

cis

package

v0.2.0 Latest Latest Go to latest Published: Oct 4, 2019 License: MPL-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/talos-systems/talos

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateEncryptionToken() error
func EnforceAdmissionPluginsRequirements(cfg *kubeadmapi.ClusterConfiguration) error
func EnforceAuditingRequirements(cfg *kubeadmapi.ClusterConfiguration) error
func EnforceExtraRequirements(cfg *kubeadmapi.ClusterConfiguration) error
func EnforceMasterRequirements(cfg *kubeadmapi.ClusterConfiguration, generateSecret bool) error
func EnforceSecretRequirements(cfg *kubeadmapi.ClusterConfiguration) error
func EnforceTLSRequirements(cfg *kubeadmapi.ClusterConfiguration) error
func EnforceWorkerRequirements(cfg *kubeadmapi.JoinConfiguration) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateEncryptionToken ¶

func CreateEncryptionToken() error

CreateEncryptionToken generates an encryption token to be used for secrets

func EnforceAdmissionPluginsRequirements ¶

func EnforceAdmissionPluginsRequirements(cfg *kubeadmapi.ClusterConfiguration) error

EnforceAdmissionPluginsRequirements enforces CIS requirements for admission plugins. TODO(andrewrynhard): Include any extra user specified plugins. TODO(andrewrynhard): Enable EventRateLimit. TODO(andrewrynhard): Enable AlwaysPullImages (See https://github.com/kubernetes/kubernetes/issues/64333).

func EnforceAuditingRequirements ¶

func EnforceAuditingRequirements(cfg *kubeadmapi.ClusterConfiguration) error

EnforceAuditingRequirements enforces CIS requirements for auditing.

func EnforceExtraRequirements ¶

func EnforceExtraRequirements(cfg *kubeadmapi.ClusterConfiguration) error

EnforceExtraRequirements enforces miscellaneous CIS requirements. TODO(andrewrynhard): Enable anonymous-auth, see https://github.com/kubernetes/kubeadm/issues/798. TODO(andrewrynhard): Enable kubelet-certificate-authority, see https://github.com/kubernetes/kubeadm/issues/118#issuecomment-407202481.

func EnforceMasterRequirements ¶

func EnforceMasterRequirements(cfg *kubeadmapi.ClusterConfiguration, generateSecret bool) error

EnforceMasterRequirements enforces the CIS requirements for master nodes.

func EnforceSecretRequirements ¶

func EnforceSecretRequirements(cfg *kubeadmapi.ClusterConfiguration) error

EnforceSecretRequirements enforces CIS requirements for secrets.

func EnforceTLSRequirements ¶

func EnforceTLSRequirements(cfg *kubeadmapi.ClusterConfiguration) error

EnforceTLSRequirements enforces CIS requirements for TLS.

func EnforceWorkerRequirements ¶

func EnforceWorkerRequirements(cfg *kubeadmapi.JoinConfiguration) error

EnforceWorkerRequirements enforces the CIS requirements for master nodes.

Types ¶

This section is empty.

Source Files ¶

View all Source files

cis.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL