brandond
commented
1 month ago Are you sure you're using etcd at all? By default, k3s uses sqlite. If you're not using etcd, then the etcd-specific bits of the hardening guide are not relevant.
Closed cwrx777 closed 1 month ago
brandond
commented
1 month ago Are you sure you're using etcd at all? By default, k3s uses sqlite. If you're not using etcd, then the etcd-specific bits of the hardening guide are not relevant.
dereknola
commented
1 month ago Correct, the CIS scans are only considered valid if you are running K3s with embedded etcd aka --cluster-init. Upstream and CIS don't have a concept of a non-etcd K8s cluster when it comes to security hardening.
cwrx777
commented
1 month ago The etcd config is created after using --cluster-init
release: 1.29.4 I am unable to find etcd config as stated here