diff --git a/cfg/rh-1.6/etcd.yaml b/cfg/rh-1.6/etcd.yaml
index 674e21fad..4b589ff54 100644
--- a/cfg/rh-1.6/etcd.yaml
+++ b/cfg/rh-1.6/etcd.yaml
@@ -28,7 +28,8 @@ groups:
 - flag: "file"
 compare:
 op: regex
- value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-serving\/etcd-serving-.*\.(?:crt|key)'
+ # some systems have certs in directory '/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs'
+ value: \/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-(?:serving|certs)\/etcd-serving-.*\.(?:crt|key)
 remediation: |
 OpenShift does not use the etcd-certfile or etcd-keyfile flags.
 Certificates for etcd are managed by the etcd cluster operator.
@@ -103,7 +104,8 @@ groups:
 - flag: "file"
 compare:
 op: regex
- value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-peer\/etcd-peer-.*\.(?:crt|key)'
+ # some systems have certs in directory '/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs'
+ value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-(?:peer|certs)\/etcd-peer-.*\.(?:crt|key)'
 remediation: |
 None. This configuration is managed by the etcd operator.
 scored: false
diff --git a/cfg/rh-1.6/node.yaml b/cfg/rh-1.6/node.yaml
index 622905395..f7ac9ca6c 100644
--- a/cfg/rh-1.6/node.yaml
+++ b/cfg/rh-1.6/node.yaml
@@ -349,15 +349,14 @@ groups:
 echo RotateKubeletServerCertificate=$(oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq '.kubeletconfig.featureGates.RotateKubeletServerCertificate' 2> /dev/null)
 # Verify the rotateCertificates argument is set to true
 echo rotateCertificates=$(oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq -r '.kubeletconfig.rotateCertificates' 2> /dev/null)
- use_multiple_values: true
 tests:
- bin_op: or
+ bin_op: and
 test_items:
- - flag: rotateCertificates
+ - flag: RotateKubeletServerCertificate
 compare:
 op: eq
 value: true
- - flag: RotateKubeletServerCertificate
+ - flag: rotateCertificates
 compare:
 op: eq
 value: true
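Review bot: The added `value:` line of the serving-certificate check in cfg/rh-1.6/etcd.yaml drops the single quotes that the removed line had and that the peer-certificate hunk in the same file keeps. As a plain scalar the pattern still loads as the same string today, but a later edit that introduces `: `, ` #` or a leading indicator character would change what the loader reads without raising an error, and the certificate-path check would then compare against a different pattern. Quote it like its sibling: `value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-(?:serving|certs)\/etcd-serving-.*\.(?:crt|key)'`. The check this test item belongs to starts and ends outside the hunk.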
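Review bot: Nothing in the new `tests:` block of cfg/rh-1.6/node.yaml records why both values are now required, and the switch from `or` to `and` changes which nodes pass. A node that reports `rotateCertificates=true` but has no `RotateKubeletServerCertificate` entry under `featureGates` now fails, because jq prints `null` for a missing key. If that stricter reading is intended, a comment above `bin_op: and` would make it explicit, for example `# both the feature gate and rotateCertificates must be true; a missing gate prints null and fails`. Removing `use_multiple_values` presumably goes with this, since the two flags are echoed on separate output lines; that is worth confirming against how the runner evaluates multi-line audit output. The check's opening lines are outside the hunk.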