k3s cis-1.11 profile check 4.2.4 fails when only read-only-port=0 extra kubelet arg is passed (for k8s version >=1.32)

k3s cis 1.11 check 4.2.4 when only read-only-port extra kubelet arg is passed (for k8s version >=1.32)
the result of the audit command produces an output which has  `--read-only-port=0"` at last which is causing the kube bench to check for `0"` value instead of 0 which results in a failure.
```
...........labels=cattle.io/os=linux,rke.cattle.io/machine=<machine-id> --read-only-port=0"
```

if we add another kubelet arg which comes after --read-only-port in alphabetical order then the check passes because the results of the audit command is like below
```
...........labels=cattle.io/os=linux,rke.cattle.io/machine=<machine-id> --read-only-port=0 --streaming-connection-idle-timeout=5m"
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

k3s cis-1.11 profile check 4.2.4 fails when only read-only-port=0 extra kubelet arg is passed (for k8s version >=1.32) #123

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

k3s cis-1.11 profile check 4.2.4 fails when only read-only-port=0 extra kubelet arg is passed (for k8s version >=1.32) #123

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions