Enhance E2E Hardened option #10558

dereknola · 2024-07-24T16:28:51Z

Proposed Changes

Remove unnecessary config.yaml options
Add required tls-cipher-suites argument to config.yaml
Rework default of E2E_HARDENED to accept true (psa)
Auto install kube-bench for easier CIS validation

Types of Changes

Testing Enhancements

Verification

Manually run multiple times when overhauling the K3s CIS profiles

Testing

N/A this is just for manual QA

Linked Issues

N/A

User-Facing Change

Further Comments

Signed-off-by: Derek Nola <[email protected]>

codecov · 2024-07-24T17:40:36Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.49%. Comparing base (58ab259) to head (77c0364).
Report is 8 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (58ab259) and HEAD (77c0364). Click for more details.

HEAD has 1 upload less than BASE

Flag BASE (58ab259) HEAD (77c0364)

e2etests 7 6

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10558      +/-   ##
==========================================
- Coverage   49.47%   43.49%   -5.98%     
==========================================
  Files         179      179              
  Lines       14924    14936      +12     
==========================================
- Hits         7384     6497     -887     
- Misses       6161     7241    +1080     
+ Partials     1379     1198     -181

Flag	Coverage Δ
e2etests	`36.31% <ø> (-10.02%)`	⬇️
inttests	`36.68% <ø> (+16.96%)`	⬆️
unittests	`13.35% <ø> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

* Remove unnecessary hardened arguments Signed-off-by: Derek Nola <[email protected]> * slim down hardened arguments Signed-off-by: Derek Nola <[email protected]> --------- Signed-off-by: Derek Nola <[email protected]>

dereknola added 2 commits July 16, 2024 10:41

Remove unnecessary hardened arguments

037c437

Signed-off-by: Derek Nola <[email protected]>

slim down hardened arguments

77c0364

Signed-off-by: Derek Nola <[email protected]>

dereknola requested a review from a team as a code owner July 24, 2024 16:28

brandond approved these changes Jul 24, 2024

View reviewed changes

vitorsavian approved these changes Jul 24, 2024

View reviewed changes

dereknola merged commit ecff337 into k3s-io:master Jul 25, 2024
29 checks passed

dereknola deleted the hardened_slim branch July 29, 2024 16:53

This was referenced Aug 5, 2024

[Release-1.30] Backports for August 2024 #10671

Merged

[Release-1.29] Backports for August 2024 #10672

Merged

[Release-1.28] Backports for August 2024 #10673

Merged

[Release-1.27] Backports for August 2024 #10674

Merged

cguertin14 mentioned this pull request Sep 3, 2024

new release: k3s update from v1.30.4+k3s1 to v1.31.0+k3s1 cguertin14/k3s-ansible-ha#41

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance E2E Hardened option #10558

Enhance E2E Hardened option #10558

dereknola commented Jul 24, 2024

codecov bot commented Jul 24, 2024 •

edited

Loading

Enhance E2E Hardened option #10558

Enhance E2E Hardened option #10558

Conversation

dereknola commented Jul 24, 2024

Proposed Changes

Types of Changes

Verification

Testing

Linked Issues

User-Facing Change

Further Comments

codecov bot commented Jul 24, 2024 • edited Loading

Codecov Report

codecov bot commented Jul 24, 2024 •

edited

Loading