OpenShift 3.11 remove service-account-private-key-file #844
We are running kube-bench v3 tests in an OpenShift 3.11 environment and I am not sure how to find a solution for this test failure:

3.4 Edit the Openshift master config file /etc/origin/master/master-config.yaml and remove service-account-private-key-file

As per my understanding, the test is failing because the privateKeyFile is set to the default value of serviceaccounts.private.key. The serviceaccounts.private.key file is used by the cluster to enable service account token generation and authentication. The file is currently stored in the /etc/origin/master folder and the value is configured under in master-config.yaml file.

OpenShift 3.11 master-config.yaml file

I am not sure what the suggestion is here. We can't remove this file as it's required for service account authentication. What are the possible solutions to pass this test?
Replies: 1 comment
The remediation says:
Edit the Openshift master config file /etc/origin/master/master-config.yaml and remove service-account-private-key-file
If I understood correctly, you can't delete it because you are using it.
Then just leave it; this is a recommendation.
Maybe we should change it to be a non-scored test; then if it passes it is PASS, and if it fails it will be WARN, which indicates "Hey, something needs your attention, check it out".