Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues will be fixed in a future release. For version 4.1.3, Mirantis only supports fresh installations.
3. Control plane configuration
3.1 Authentication and authorization
| CIS ID |
Recommendation |
Resolution |
Comments |
| 3.1.1 |
Client certificate authentication should not be used for users. |
Warn |
NA |
| 3.1.2 |
Service account token authentication should not be used for users. |
Warn |
NA |
| 3.1.3 |
Bootstrap token authentication should not be used for users. |
Warn |
NA |
3.2 Logging
| CIS ID |
Recommendation |
Resolution |
Comments |
| 3.2.1 |
Ensure that a minimal audit policy is created. |
Warn |
NA |
| 3.2.2 |
Ensure that the audit policy covers key security. |
Warn |
NA |