Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17216

CIS Rule RotateKubeletServerCertificate uses an invalid check on 4.14

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Minor Minor
    • None
    • 4.14
    • Compliance Operator
    • No
    • CMP Sprint 68, CMP Sprint 69
    • 2
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      CIS Rule RotateKubeletServerCertificate uses an invalid check on 4.14

      Version-Release number of selected component (if applicable):

      4.14

      How reproducible:

      Each time

      Steps to Reproduce:

      1. Navigate to Cluster with Compliance Operator installed
2. Configure CIS profile
3. Attempt manual fix

      Actual results:

      Failed Rule

      Expected results:

      Pass

      Additional info:

      In the machine-config-oeprator there is this commit:commit e0aa021cda979d6c584df1c2aa105043b0a3d420
Author: Ryan Phillips <rphillips@redhat.com>
Date:   Thu Oct 3 09:08:03 2019 -0500
migrate rotate certificates to the configgit diff e0aa021cda templates/master/01-master-kubelet/_base/files/kubelet.yaml
git blame templates/master/01-master-kubelet/_base/files/kubelet.yaml | grep rotate
e0aa021cda templates/master/01-master-kubelet/_base/files/kubelet.yaml (Ryan Phillips            2019-10-03 09:08:03 -0500 24)     rotateCertificates: true

rotateCertificates is now a default = true. 

The check may no longer be valid, and rotateCertificates is now default.

            lbragsta@redhat.com Lance Bragstad
            pbastide_rh Paul Bastide
            Xiaojie Yuan Xiaojie Yuan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: