From 74e91d07d49bcbfa0ea5854f6eeeccf5bdea722e Mon Sep 17 00:00:00 2001 From: Hannes Baum Date: Thu, 25 Apr 2024 14:25:10 +0200 Subject: [PATCH] fixup! Update baseline cluster security (#475) Signed-off-by: Hannes Baum --- Standards/scs-0217-v1-cluster-hardening.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Standards/scs-0217-v1-cluster-hardening.md b/Standards/scs-0217-v1-cluster-hardening.md index 99f17ebc4..7008cbc0e 100644 --- a/Standards/scs-0217-v1-cluster-hardening.md +++ b/Standards/scs-0217-v1-cluster-hardening.md @@ -394,6 +394,12 @@ Kubelet HTTP read-only port - what is it really for? - what happens if deactivated? - Kubelet authorization +https://www.stigviewer.com/stig/kubernetes/2021-04-14/finding/V-242387 +https://docs.datadoghq.com/security/default_rules/cis-kubernetes-1.5.1-4.2.4/ +https://github.com/kubernetes/kubernetes/pull/59666 (disabled here) +https://github.com/kubernetes/kubernetes/issues/12968 (should be removed, but not done yet due to e2e) +https://github.com/kubernetes/kubeadm/issues/732 (here in kubeadm) + Standard - ask Steve about authentication
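Review bot: The five added links start on the line directly after `- Kubelet authorization` with no blank line in between (the one added blank line comes after them, before `Standard`), so Markdown will fold them into that list item as a single run of text. Please make each link its own list item and place it under the entry it is evidence for. The annotations `(disabled here)` and `(here in kubeadm)` do not say what was disabled or what the kubeadm issue decided. One sentence per link stating the finding would let a reader use the note without opening every URL. The two questions above, "what is it really for?" and "what happens if deactivated?", are still unanswered by the added lines. If the links settle them, write the answer into the text and cite the links as support. The STIG link is pinned to the 2021-04-14 release and the Datadog rule path names CIS 1.5.1, so it is worth stating which benchmark version the standard is meant to follow. Since this is a `fixup!` commit, also check that working notes such as `ask Steve about authentication` do not survive the squash into the published standard.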