Add GKE 1.6 CIS benchmark for GCP environment (aquasecurity#1672)

* Add config entries for GKE 1.6 controls * Add gke1.6 control plane recommendations * Add gke-1.6.0 worker node recommendations * Add gke-1.6.0 policy recommendations * Add managed services and policy recommendation * Add master recommendations * Fix formatting across gke-1.6.0 files * Add gke-1.6.0 benchmark selection based on k8s version * Workaround: hardcode kubelet config path for gke-1.6.0 * Fix tests for makeIPTablesUtilChaings * Change scored field for all node tests to true * Fix kubelet file permission to check for --------- Co-authored-by: afdesk <[email protected]>
VoerEirAB · Oct 14, 2024 · 2873eea · 2873eea
1 parent d2041f5
commit 2873eea
Showing 1 changed file with 23 additions and 22 deletions.
diff --git a/docs/architecture.md b/docs/architecture.md
@@ -13,28 +13,29 @@ Check the contents of the benchmark directory under `cfg` to see which targets a
 
 The following table shows the valid targets based on the CIS Benchmark version.
 
-| CIS Benchmark     | Targets |
-|-------------------|---------|
-| cis-1.5           | master, controlplane, node, etcd, policies |
-| cis-1.6           | master, controlplane, node, etcd, policies |
-| cis-1.20          | master, controlplane, node, etcd, policies |
-| cis-1.23          | master, controlplane, node, etcd, policies |
-| cis-1.24          | master, controlplane, node, etcd, policies |
-| cis-1.7           | master, controlplane, node, etcd, policies |
-| cis-1.8           | master, controlplane, node, etcd, policies |
-| cis-1.9           | master, controlplane, node, etcd, policies |
-| gke-1.0           | master, controlplane, node, etcd, policies, managedservices |
-| gke-1.2.0         | controlplane, node, policies, managedservices |
-| eks-1.0.1         | controlplane, node, policies, managedservices |
-| eks-1.1.0         | controlplane, node, policies, managedservices |
-| eks-1.2.0         | controlplane, node, policies, managedservices |
-| ack-1.0           | master, controlplane, node, etcd, policies, managedservices |
-| aks-1.0           | controlplane, node, policies, managedservices |
-| rh-0.7            | master,node|
-| rh-1.0            | master, controlplane, node, etcd, policies |
-| rh-1.6            | master, controlplane, node, etcd, policies |
-| cis-1.6-k3s       | master, controlplane, node, etcd, policies |
-| cis-1.24-microk8s | master, controlplane, node, etcd, policies |
+| CIS Benchmark        | Targets |
+|----------------------|---------|
+| cis-1.5              | master, controlplane, node, etcd, policies |
+| cis-1.6              | master, controlplane, node, etcd, policies |
+| cis-1.20             | master, controlplane, node, etcd, policies |
+| cis-1.23             | master, controlplane, node, etcd, policies |
+| cis-1.24             | master, controlplane, node, etcd, policies |
+| cis-1.7              | master, controlplane, node, etcd, policies |
+| cis-1.8              | master, controlplane, node, etcd, policies |
+| cis-1.9              | master, controlplane, node, etcd, policies |
+| gke-1.0              | master, controlplane, node, etcd, policies, managedservices |
+| gke-1.2.0            | controlplane, node, policies, managedservices |
+| gke-1.6.0            | controlplane, node, policies, managedservices |
+| eks-1.0.1            | controlplane, node, policies, managedservices |
+| eks-1.1.0            | controlplane, node, policies, managedservices |
+| eks-1.2.0            | controlplane, node, policies, managedservices |
+| ack-1.0              | master, controlplane, node, etcd, policies, managedservices |
+| aks-1.0              | controlplane, node, policies, managedservices |
+| rh-0.7               | master,node|
+| rh-1.0               | master, controlplane, node, etcd, policies |
+| rh-1.6               | master, controlplane, node, etcd, policies |
+| cis-1.6-k3s          | master, controlplane, node, etcd, policies |
+| cis-1.24-microk8s    | master, controlplane, node, etcd, policies |
 
 The following table shows the valid DISA STIG versions