Current status (updated as of May 13th 2020):
Layer | Result | Comment |
os/lynis | PASS | If libvirt or weave are installed, lynis will no longer pass. Virtlet KUD plugin requires libvirt, so if it is enabled during installation lynis will no longer pass. |
os/vuls | FAIL: 153 vulnerabilities found | Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. Most, if not all, of the vulnerabilities seem to come from the validation containers, not the host OS itself. vuls-icn-20200513.txt; notes-icn-20200513.txt |
k8s/conformance | PASS | KUD deployment without additional plugins lets sonobuoy pass (takes about 2h15min to run). |
k8s/kubehunter | FAIL Inside-a-Pod Scanning: 5 vulnerabilities | Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. All others kubehunter tests are a PASS. kubehunter-icn-20200513.txt |
Attachments:
(do not preview, download file and then open it)
How to deploy Bluval for ICN in private Jenkins instance
This is coming soon.
These 2 patches need to get merged first: