Add GKE 1.6 CIS benchmark for GCP environment (#1672)

ttousai · afdesk · deebhatia · commit 2873eea8dd55 · 2024-10-14T23:13:18.000+05:30
* Add config entries for GKE 1.6 controls

* Add gke1.6 control plane recommendations

* Add gke-1.6.0 worker node recommendations

* Add gke-1.6.0 policy recommendations

* Add managed services and policy recommendation

* Add master recommendations

* Fix formatting across gke-1.6.0 files

* Add gke-1.6.0 benchmark selection based on k8s version

* Workaround: hardcode kubelet config path for gke-1.6.0

* Fix tests for makeIPTablesUtilChaings

* Change scored field for all node tests to true

* Fix kubelet file permission to check for

---------

Co-authored-by: afdesk &lt;work@afdesk.com&gt;
diff --git a/docs/architecture.md b/docs/architecture.md
@@ -13,28 +13,29 @@ Check the contents of the benchmark directory under `cfg` to see which targets a
 
 The following table shows the valid targets based on the CIS Benchmark version.
 
-| CIS Benchmark     | Targets |
-|-------------------|---------|
-| cis-1.5           | master, controlplane, node, etcd, policies |
-| cis-1.6           | master, controlplane, node, etcd, policies |
-| cis-1.20          | master, controlplane, node, etcd, policies |
-| cis-1.23          | master, controlplane, node, etcd, policies |
-| cis-1.24          | master, controlplane, node, etcd, policies |
-| cis-1.7           | master, controlplane, node, etcd, policies |
-| cis-1.8           | master, controlplane, node, etcd, policies |
-| cis-1.9           | master, controlplane, node, etcd, policies |
-| gke-1.0           | master, controlplane, node, etcd, policies, managedservices |
-| gke-1.2.0         | controlplane, node, policies, managedservices |
-| eks-1.0.1         | controlplane, node, policies, managedservices |
-| eks-1.1.0         | controlplane, node, policies, managedservices |
-| eks-1.2.0         | controlplane, node, policies, managedservices |
-| ack-1.0           | master, controlplane, node, etcd, policies, managedservices |
-| aks-1.0           | controlplane, node, policies, managedservices |
-| rh-0.7            | master,node|
-| rh-1.0            | master, controlplane, node, etcd, policies |
-| rh-1.6            | master, controlplane, node, etcd, policies |
-| cis-1.6-k3s       | master, controlplane, node, etcd, policies |
-| cis-1.24-microk8s | master, controlplane, node, etcd, policies |
+| CIS Benchmark        | Targets |
+|----------------------|---------|
+| cis-1.5              | master, controlplane, node, etcd, policies |
+| cis-1.6              | master, controlplane, node, etcd, policies |
+| cis-1.20             | master, controlplane, node, etcd, policies |
+| cis-1.23             | master, controlplane, node, etcd, policies |
+| cis-1.24             | master, controlplane, node, etcd, policies |
+| cis-1.7              | master, controlplane, node, etcd, policies |
+| cis-1.8              | master, controlplane, node, etcd, policies |
+| cis-1.9              | master, controlplane, node, etcd, policies |
+| gke-1.0              | master, controlplane, node, etcd, policies, managedservices |
+| gke-1.2.0            | controlplane, node, policies, managedservices |
+| gke-1.6.0            | controlplane, node, policies, managedservices |
+| eks-1.0.1            | controlplane, node, policies, managedservices |
+| eks-1.1.0            | controlplane, node, policies, managedservices |
+| eks-1.2.0            | controlplane, node, policies, managedservices |
+| ack-1.0              | master, controlplane, node, etcd, policies, managedservices |
+| aks-1.0              | controlplane, node, policies, managedservices |
+| rh-0.7               | master,node|
+| rh-1.0               | master, controlplane, node, etcd, policies |
+| rh-1.6               | master, controlplane, node, etcd, policies |
+| cis-1.6-k3s          | master, controlplane, node, etcd, policies |
+| cis-1.24-microk8s    | master, controlplane, node, etcd, policies |
 
 The following table shows the valid DISA STIG versions
 
