Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Frankfurt

Integration health checks will automatically perform the following security checks for the Frankfurt release.

  1. pod_root: Pods must not run as root in Frankfurt.
  2. Java debug wire protocol (jdpw) port must be closed.
    1. Update the test  to exclude false positives reported by the project teams.
  3. nodeport_ingress: HTTP ports must be migrated to HTTPS.
    1. Review the list of the current 20 HTTP ports to determine which ones are necessary (robot, portal-sdk, portal-app, message-router, dmaap-bc, log-kibana, log-es, dmaap-dr-prov, cli , consul-server-ui, sniro-emulator, refrepo , uui, config-binding-service, dashboard, netbox-nginx, music-tomcat, cds-blueprints-processor-http, aaf-fs). The aaf-fs port is a known exception.
    2. Upgrade test to exclude those HTTP port.

CIS Benchmarks

View file
nameCIS_Docker_Benchmark_v1.2.0.pdf
height250
               
View file
nameCIS_Kubernetes_Benchmark_v1.4.1.pdf
height250