Kubernetes Control Plane Charm

k8s-control-plane charm causes non DISA-STIG compliance

Bug #1996930 reported by Jeff Hillman on 2022-11-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Kubernetes Control Plane Charm	New	Undecided	Unassigned

Bug Description

ubuntu 20.04.5
juju 2.9.37
charm latest/stable rev CH:204
k8s 1.25.4

When running `sudo usg fix disa_stig` against an ubuntu 20.04.5 machine, it becomes DISA-STIG compliant.

running `juju add-machine <user>@<ip>` and then `juju deploy kubernetes-control-plane --to 0` causes DISA-STIG to no longer be compliant

Specifically, running a diff against the compliant results `sudo usg audit disa_stig` and then against the newly deployed k8s-control-plane charm causes the following diff:

```
- <rule-result idref="file_permissions_binary_dirs" time="2022-11-17T16:00:23" severity="medium" weight="1.000000">
- <result>pass</result>
+ <rule-result idref="file_permissions_binary_dirs" time="2022-11-17T16:45:15" severity="medium" weight="1.000000">
+ <result>fail</result>

```

kubernetes-control-plane charm is breaking the file_permissions_binary_dirs DISA-STIG compliance.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.