https://github.com/michaelpalacce/ansible-kubernetes-master-security
Security for kubernetes master
- Host: GitHub
- URL: https://github.com/michaelpalacce/ansible-kubernetes-master-security
- Owner: Michaelpalacce
- Created: 2021-05-25T10:34:32.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2021-05-25T11:04:06.000Z (over 3 years ago)
- Last Synced: 2024-11-06T16:04:24.676Z (2 months ago)
- Size: 1.95 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
Ansible playbook used to secure the master/control-plane node in a Kubernetes cluster.
# Important
The security of your server is your own job. This sets up and checks a few important things, but not all of them.
# Notes
- `anonymous-auth` is not set to false because, if it is, nodes cannot join the cluster.
- No admission control plugins have been set.
- Some checks have been left out, either because including them may cause issues with the deployment or because they are too custom.
# Supported variables
~~~
check_cluster_role_bindings
~~~
Checks if there is only one cluster-admin role binding
Defaults to: `yes`.
~~~
fix_file_permissions
~~~
Fixes all the relevant file permissions to be less open
Defaults to: `yes`.
~~~
fix_k8s_components
~~~
Edits some k8s manifest files to fix security issues
Defaults to: `yes`.
~~~
check_roles_have_wildcard_all
~~~
Checks if there are any wildcards in roles
Defaults to: `yes`.
~~~
check_default_namespace_empty
~~~
Checks if the default namespace has anything besides the kubernetes service
Defaults to: `yes`.