Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues are fixed in the
4.1.4 release. For version 4.1.3, Mirantis
only supports fresh installations.
3. Control plane configuration
3.1 Authentication and authorization
| CIS ID |
Recommendation |
Resolution |
Comments |
| 3.1.1 |
Client certificate authentication should not be used for users. |
Warn |
NA |
| 3.1.2 |
Service account token authentication should not be used for users. |
Warn |
NA |
| 3.1.3 |
Bootstrap token authentication should not be used for users. |
Warn |
NA |
3.2 Logging
| CIS ID |
Recommendation |
Resolution |
Comments |
| 3.2.1 |
Ensure that a minimal audit policy is created. |
Warn |
NA |
| 3.2.2 |
Ensure that the audit policy covers key security. |
Warn |
NA |