This is the multi-page printable view of this section. Click here to print.
Security and Compliance
1 - Kubernetes Cluster Hardening Procedure
Overview
The Gardener team takes security seriously, which is why we mandate the Security Technical Implementation Guide (STIG) for Kubernetes as published by the Defense Information Systems Agency (DISA) here. We offer Gardener adopters the opportunity to show compliance with DISA Kubernetes STIG via the compliance checker tool diki. The latest release in machine readable format can be found in the STIGs Document Library by searching for Kubernetes.
Kubernetes Clusters Security Requirements
DISA Kubernetes STIG version 1 release 11 contains 91 rules overall. Only the following rules, however, apply to you. Some of them are secure-by-default, so your responsibility is to make sure that they are not changed. For your convenience, the requirements are grouped logically and per role:
Rules Relevant for Cluster Admins
Control Plane Configuration
ID | Description | Secure By Default | Comments |
---|---|---|---|
242390 | Kubernetes API server must have anonymous authentication disabled | ✅ | Disabled unless you enable it via enableAnnonymousAuthentication |
245543 | Kubernetes API Server must disable token authentication to protect information in transit | ✅ | Disabled unless you enable it via enableStaticTokenKubeconfig |
242400 | Kubernetes API server must have Alpha APIs disabled | ✅ | Disabled unless you enable it via featureGates |
242436 | Kubernetes API server must have the ValidatingAdmissionWebhook enabled | ✅ | Enabled unless you disable it explicitly via admissionPlugins |
242393 | Kubernetes Worker Nodes must not have sshd service running | ❌ | Active to allow debugging of network issues, but it is possible to deactivate via the sshAccess setting |
242394 | Kubernetes Worker Nodes must not have the sshd service enabled | ❌ | Enabled to allow debugging of network issues, but it is possible to deactivate via the sshAccess setting |
242434 | Kubernetes Kubelet must enable kernel protection | ✅ | Enabled for Kubernetes v1.26 or later unless disabled explicitly via protectKernalDefaults |
245541 | Kubernetes Kubelet must not disable timeouts | ✅ | Enabled for Kubernetes v1.26 or later unless disabled explicitly via streamingConnectionIdleTimeout |
Audit Configuration
ID | Description | Secure By Default | Comments |
---|---|---|---|
242402 | The Kubernetes API Server must have an audit log path set | ❌ | It is the user’s responsibility to configure an audit extension that meets the requirements of their organization. Depending on the audit extension implementation the audit logs do not always need to be written on the filesystem, i.e. when --audit-webhook-config-file is set and logs are sent to an audit backend. |
242403 | Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event | ❌ | Users should set an audit policy that meets the requirements of their organization. Please consult the Shoot Audit Policy documentation. |
242461 | Kubernetes API Server audit logs must be enabled | ❌ | Users should set an audit policy that meets the requirements of their organization. Please consult the Shoot Audit Policy documentation. |
242462 | The Kubernetes API Server must be set to audit log max size | ❌ | It is the user’s responsibility to configure an audit extension that meets the requirements of their organization. Depending on the audit extension implementation the audit logs do not always need to be written on the filesystem, i.e. when --audit-webhook-config-file is set and logs are sent to an audit backend. |
242463 | The Kubernetes API Server must be set to audit log maximum backup | ❌ | It is the user’s responsibility to configure an audit extension that meets the requirements of their organization. Depending on the audit extension implementation the audit logs do not always need to be written on the filesystem, i.e. when --audit-webhook-config-file is set and logs are sent to an audit backend. |
242464 | The Kubernetes API Server audit log retention must be set | ❌ | It is the user’s responsibility to configure an audit extension that meets the requirements of their organization. Depending on the audit extension implementation the audit logs do not always need to be written on the filesystem, i.e. when --audit-webhook-config-file is set and logs are sent to an audit backend. |
242465 | The Kubernetes API Server audit log path must be set | ❌ | It is the user’s responsibility to configure an audit extension that meets the requirements of their organization. Depending on the audit extension implementation the audit logs do not always need to be written on the filesystem, i.e. when --audit-webhook-config-file is set and logs are sent to an audit backend. |
End User Workload
ID | Description | Secure By Default | Comments |
---|---|---|---|
242395 | Kubernetes dashboard must not be enabled | ✅ | Not installed unless you install it via kubernetesDashboard. |
242414 | Kubernetes cluster must use non-privileged host ports for user pods | ❌ | Do not use any ports below 1024 for your own workload. |
242415 | Secrets in Kubernetes must not be stored as environment variables | ❌ | Always mount secrets as volumes and never as environment variables. |
242383 | User-managed resources must be created in dedicated namespaces | ❌ | Create and use your own/dedicated namespaces and never place anything into the default, kube-system, kube-public, or kube-node-lease namespace. The default namespace is never to be used while the other above listed namespaces are only to be used by the Kubernetes provider (here Gardener). |
242417 | Kubernetes must separate user functionality | ❌ | While 242383 is about all resources, this rule is specifically about pods. Create and use your own/dedicated namespaces and never place pods into the default, kube-system, kube-public, or kube-node-lease namespace. The default namespace is never to be used while the other above listed namespaces are only to be used by the Kubernetes provider (here Gardener). |
242437 | Kubernetes must have a pod security policy set | ✅ | Set, but Gardener can only set default pod security policies (PSP) and does so only until v1.24 as with v1.25 PSPs were removed (deprecated since v1.21) and replaced with Pod Security Standards (see this blog for more information). Whatever the technology, you are responsible to configure custom-tailured appropriate PSPs respectively use them or PSSs, depending on your own workload and security needs (only you know what a pod should be allowed to do). |
242442 | Kubernetes must remove old components after updated versions have been installed | ❌ | While Gardener manages all its components in its system namespaces (automated), you are naturally responsible for your own workload. |
254800 | Kubernetes must have a Pod Security Admission control file configured | ❌ | Gardener ensures that the pod security configuration allows system components to be deployed in the kube-system namespace but does not set configurations that can affect user namespaces. It is recommended that users enforce a minimum of baseline pod security level for their workload via PodSecurity admission plugin. |
Rules Relevant for Service Providers
ID | Description |
---|---|
242376 | The Kubernetes Controller Manager must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. |
242377 | The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. |
242378 | The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. |
242379 | The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination. |
242380 | The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination. |
242381 | The Kubernetes Controller Manager must create unique service accounts for each work payload. |
242382 | The Kubernetes API Server must enable Node,RBAC as the authorization mode. |
242384 | The Kubernetes Scheduler must have secure binding. |
242385 | The Kubernetes Controller Manager must have secure binding. |
242386 | The Kubernetes API server must have the insecure port flag disabled. |
242387 | The Kubernetes Kubelet must have the “readOnlyPort” flag disabled. |
242388 | The Kubernetes API server must have the insecure bind address not set. |
242389 | The Kubernetes API server must have the secure port set. |
242391 | The Kubernetes Kubelet must have anonymous authentication disabled. |
242392 | The Kubernetes kubelet must enable explicit authorization. |
242396 | Kubernetes Kubectl cp command must give expected access and results. |
242397 | The Kubernetes kubelet staticPodPath must not enable static pods. |
242398 | Kubernetes DynamicAuditing must not be enabled. |
242399 | Kubernetes DynamicKubeletConfig must not be enabled. |
242404 | Kubernetes Kubelet must deny hostname override. |
242405 | The Kubernetes manifests must be owned by root. |
242406 | The Kubernetes KubeletConfiguration file must be owned by root. |
242407 | The Kubernetes KubeletConfiguration files must have file permissions set to 644 or more restrictive. |
242408 | The Kubernetes manifest files must have least privileges. |
242409 | Kubernetes Controller Manager must disable profiling. |
242410 | The Kubernetes API Server must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). |
242411 | The Kubernetes Scheduler must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). |
242412 | The Kubernetes Controllers must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). |
242413 | The Kubernetes etcd must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). |
242418 | The Kubernetes API server must use approved cipher suites. |
242419 | Kubernetes API Server must have the SSL Certificate Authority set. |
242420 | Kubernetes Kubelet must have the SSL Certificate Authority set. |
242421 | Kubernetes Controller Manager must have the SSL Certificate Authority set. |
242422 | Kubernetes API Server must have a certificate for communication. |
242423 | Kubernetes etcd must enable client authentication to secure service. |
242424 | Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service. |
242425 | Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service. |
242426 | Kubernetes etcd must enable client authentication to secure service. |
242427 | Kubernetes etcd must have a key file for secure communication. |
242428 | Kubernetes etcd must have a certificate for communication. |
242429 | Kubernetes etcd must have the SSL Certificate Authority set. |
242430 | Kubernetes etcd must have a certificate for communication. |
242431 | Kubernetes etcd must have a key file for secure communication. |
242432 | Kubernetes etcd must have peer-cert-file set for secure communication. |
242433 | Kubernetes etcd must have a peer-key-file set for secure communication. |
242438 | Kubernetes API Server must configure timeouts to limit attack surface. |
242443 | Kubernetes must contain the latest updates as authorized by IAVMs, CTOs, DTMs, and STIGs. |
242444 | The Kubernetes component manifests must be owned by root. |
242445 | The Kubernetes component etcd must be owned by etcd. |
242446 | The Kubernetes conf files must be owned by root. |
242447 | The Kubernetes Kube Proxy must have file permissions set to 644 or more restrictive. |
242448 | The Kubernetes Kube Proxy must be owned by root. |
242449 | The Kubernetes Kubelet certificate authority file must have file permissions set to 644 or more restrictive. |
242450 | The Kubernetes Kubelet certificate authority must be owned by root. |
242451 | The Kubernetes component PKI must be owned by root. |
242452 | The Kubernetes kubelet KubeConfig must have file permissions set to 644 or more restrictive. |
242453 | The Kubernetes kubelet KubeConfig file must be owned by root. |
242454 | The Kubernetes kubeadm.conf must be owned by root. |
242455 | The Kubernetes kubeadm.conf must have file permissions set to 644 or more restrictive. |
242456 | The Kubernetes kubelet config must have file permissions set to 644 or more restrictive. |
242457 | The Kubernetes kubelet config must be owned by root. |
242459 | The Kubernetes etcd must have file permissions set to 644 or more restrictive. |
242460 | The Kubernetes admin.conf must have file permissions set to 644 or more restrictive. |
242466 | The Kubernetes PKI CRT must have file permissions set to 644 or more restrictive. |
242467 | The Kubernetes PKI keys must have file permissions set to 600 or more restrictive. |
245542 | Kubernetes API Server must disable basic authentication to protect information in transit. |
245544 | Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit. |
254801 | Kubernetes must enable PodSecurity admission controller on static pods and Kubelets. |
2 - Run DISA K8s STIGs Ruleset
Show DISA K8s STIG Compliance for a Gardener Shoot Cluster
Introduction
This part covers the topic of showing compliance with the DISA K8s STIG for a Gardener shoot cluster. The guide features two providers - managedk8s
and garden
, both of which implement rules from the DISA K8s STIG ruleset.
The managedk8s
provider assumes that the user running the ruleset does not have access to the environment (the seed in this particular case), in which the control plane components reside.
The garden
provider is used for accessing theGarden
cluster, in which the Shoot
resource can be found.
Important
Since the two providers that we are going to use in this guide do not leverage access to the Shoot cluster controlplane, they only implement checks that concern configurations that cluster owners can change/modify by themselves. Compliance for configurations that cannot be influenced by cluster owners shall be ensured by the team that operates the concrete Gardener installation.
Prerequisites
Make sure you have diki installed and have a running Gardener shoot cluster.
We will be using the sample DISA K8s STIG for Shoots configuration file for this run.
Configuration
Configure the managedk8s
provider
Set the following arguments:
providers[id=="managedk8s"].args.kubeconfigPath
pointing to a shoot admin kubeconfig.
In case you need instructions on how to generate such a kubeconfig, please read Accessing Shoot Clusters.
Configure the garden
provider
Set the following arguments:
providers[id=="garden"].args.kubeconfigPath
pointing to the Garden cluster kubeconfig.providers[id=="garden"].rulesets.args.projectNamespace
should be set to the namespace in which the shoot cluster is created.providers[id=="garden"].rulesets.args.shootName
should be set to the name of the shoot cluster.
Additional configurations
Additional metadata such as the shoot’s name can also be included in the providers[id=="managedk8s|garden"].metadata
section. The metadata section can be used to add additional context to different diki runs.
The provided configuration contain the recommended rule options for running the both providers, but you can modify rule options parameters according to requirements. All available options can be found in:
Running the DISA K8s STIGs Ruleset
To run diki against a Gardener shoot cluster, run the following command:
diki run \
--config=./example/guides/disa-k8s-stig-shoot.yaml \
--all \
--output=disa-k8s-stigs-report.json
Generating a Report
We can use the file generated in the previous step to create an html report by using the following command:
diki report generate \
--output=disa-k8s-stigs-report.html \
disa-k8s-stigs-report.json
3 - Gardener Compliance Report
Overview
Gardener aims to comply with public security standards and guidelines, such as the Security Technical Implementation Guide (STIG) for Kubernetes from Defense Information Systems Agency (DISA). The DISA Kubernetes STIG is a set of rules that provide recommendations for secure deployment and operation of Kubernetes. It covers various aspects of Kubernetes security, including the configurations of the Kubernetes API server and other components, cluster management, certificate management, handling of updates and patches.
While Gardener aims to follow this guideline, we also recognize that not all of the rules may be directly applicable or optimal for Gardener specific environment. Therefore, some of the requirements are adjusted. Rules that are not applicable to Gardener are skipped given an appropriate justification.
For every release, we check that Gardener is able of creating security hardened shoot clusters, reconfirming that the configurations which are not secure by default (as per Gardener Kubernetes Cluster Hardening Procedure) are still possible and work as expected.
In order to automate and ease this process, Gardener uses a tool called diki.
Security Hardened Shoot Configurations
The following security hardened shoot configurations were used in order to generate the compliance report.
AWS
kind: Shoot
apiVersion: core.gardener.cloud/v1beta1
metadata:
name: aws
spec:
cloudProfileName: aws
kubernetes:
kubeAPIServer:
admissionPlugins:
- name: PodSecurity
config:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
enforce: baseline
audit: baseline
warn: baseline
disabled: false
auditConfig:
auditPolicy:
configMapRef:
name: audit-policy
version: "1.28"
enableStaticTokenKubeconfig: false
networking:
type: calico
pods: 100.64.0.0/12
nodes: 10.180.0.0/16
services: 100.104.0.0/13
ipFamilies:
- IPv4
provider:
type: aws
controlPlaneConfig:
apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
kind: ControlPlaneConfig
infrastructureConfig:
apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
kind: InfrastructureConfig
networks:
vpc:
cidr: 10.180.0.0/16
zones:
- internal: 10.180.48.0/20
name: eu-west-1c
public: 10.180.32.0/20
workers: 10.180.0.0/19
workers:
- cri:
name: containerd
name: worker-kkfk1
machine:
type: m5.large
image:
name: gardenlinux
architecture: amd64
maximum: 2
minimum: 2
maxSurge: 1
maxUnavailable: 0
volume:
type: gp3
size: 50Gi
zones:
- eu-west-1c
workersSettings:
sshAccess:
enabled: false
purpose: evaluation
region: eu-west-1
secretBindingName: secretBindingName
Azure
kind: Shoot
apiVersion: core.gardener.cloud/v1beta1
metadata:
name: azure
spec:
cloudProfileName: az
kubernetes:
kubeAPIServer:
admissionPlugins:
- name: PodSecurity
config:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
enforce: baseline
audit: baseline
warn: baseline
disabled: false
auditConfig:
auditPolicy:
configMapRef:
name: audit-policy
version: "1.28"
enableStaticTokenKubeconfig: false
networking:
type: calico
pods: 100.64.0.0/12
nodes: 10.180.0.0/16
services: 100.104.0.0/13
ipFamilies:
- IPv4
provider:
type: azure
controlPlaneConfig:
apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
kind: ControlPlaneConfig
infrastructureConfig:
apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
kind: InfrastructureConfig
networks:
vnet:
cidr: 10.180.0.0/16
workers: 10.180.0.0/16
zoned: true
workers:
- cri:
name: containerd
name: worker-g7p4p
machine:
type: Standard_A4_v2
image:
name: gardenlinux
architecture: amd64
maximum: 2
minimum: 2
maxSurge: 1
maxUnavailable: 0
volume:
type: StandardSSD_LRS
size: 50Gi
zones:
- '3'
workersSettings:
sshAccess:
enabled: false
purpose: evaluation
region: westeurope
secretBindingName: secretBindingName
GCP
kind: Shoot
apiVersion: core.gardener.cloud/v1beta1
metadata:
name: gcp
spec:
cloudProfileName: gcp
kubernetes:
kubeAPIServer:
admissionPlugins:
- name: PodSecurity
config:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
enforce: baseline
audit: baseline
warn: baseline
disabled: false
auditConfig:
auditPolicy:
configMapRef:
name: audit-policy
version: "1.28"
enableStaticTokenKubeconfig: false
networking:
type: calico
pods: 100.64.0.0/12
nodes: 10.180.0.0/16
services: 100.104.0.0/13
ipFamilies:
- IPv4
provider:
type: gcp
controlPlaneConfig:
apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1
kind: ControlPlaneConfig
zone: europe-west1-b
infrastructureConfig:
apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1
kind: InfrastructureConfig
networks:
workers: 10.180.0.0/16
workers:
- cri:
name: containerd
name: worker-bex82
machine:
type: n1-standard-2
image:
name: gardenlinux
architecture: amd64
maximum: 2
minimum: 2
maxSurge: 1
maxUnavailable: 0
volume:
type: pd-balanced
size: 50Gi
zones:
- europe-west1-b
workersSettings:
sshAccess:
enabled: false
purpose: evaluation
region: europe-west1
secretBindingName: secretBindingName
OpenStack
kind: Shoot
apiVersion: core.gardener.cloud/v1beta1
metadata:
name: openstack
spec:
cloudProfileName: converged-cloud-cp
kubernetes:
kubeAPIServer:
admissionPlugins:
- name: PodSecurity
config:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
enforce: baseline
audit: baseline
warn: baseline
disabled: false
auditConfig:
auditPolicy:
configMapRef:
name: audit-policy
version: "1.28"
enableStaticTokenKubeconfig: false
networking:
type: calico
pods: 100.64.0.0/12
nodes: 10.180.0.0/16
services: 100.104.0.0/13
ipFamilies:
- IPv4
provider:
type: openstack
controlPlaneConfig:
apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
kind: ControlPlaneConfig
loadBalancerProvider: f5
infrastructureConfig:
apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
kind: InfrastructureConfig
networks:
workers: 10.180.0.0/16
floatingPoolName: FloatingIP-external-cp
workers:
- cri:
name: containerd
name: worker-dqty2
machine:
type: g_c2_m4
image:
name: gardenlinux
architecture: amd64
maximum: 2
minimum: 2
maxSurge: 1
maxUnavailable: 0
zones:
- eu-de-1b
workersSettings:
sshAccess:
enabled: false
purpose: evaluation
region: eu-de-1
secretBindingName: secretBindingName
Diki Configuration
The following diki configuration was used in order to test each of the shoot clusters described above. Mind that the rules regarding audit logging are skipped because organizations have different requirements and Gardener can integrate with different audit logging solutions.
Configuration
metadata: ...
providers:
- id: gardener
name: Gardener
metadata: ...
args: ...
rulesets:
- id: disa-kubernetes-stig
name: DISA Kubernetes Security Technical Implementation Guide
version: v1r11
args:
maxRetries: 5
ruleOptions:
- ruleID: "242402"
skip:
enabled: true
justification: "Gardener can integrate with different audit logging solutions"
- ruleID: "242403"
skip:
enabled: true
justification: "Gardener can integrate with different audit logging solutions"
- ruleID: "242414"
args:
acceptedPods:
- podMatchLabels:
k8s-app: node-local-dns
namespaceMatchLabels:
kubernetes.io/metadata.name: kube-system
justification: "node local dns requires port 53 in order to operate properly"
ports:
- 53
- ruleID: "242445"
args:
expectedFileOwner:
users: ["0", "65532"]
groups: ["0", "65532"]
- ruleID: "242446"
args:
expectedFileOwner:
users: ["0", "65532"]
groups: ["0", "65532"]
- ruleID: "242451"
args:
expectedFileOwner:
users: ["0", "65532"]
groups: ["0", "65532"]
- ruleID: "242462"
skip:
enabled: true
justification: "Gardener can integrate with different audit logging solutions"
- ruleID: "242463"
skip:
enabled: true
justification: "Gardener can integrate with different audit logging solutions"
- ruleID: "242464"
skip:
enabled: true
justification: "Gardener can integrate with different audit logging solutions"
- ruleID: "245543"
args:
acceptedTokens:
- user: "health-check"
uid: "health-check"
- ruleID: "254800"
args:
minPodSecurityLevel: "baseline"
output:
minStatus: Passed
Security Compliance Report for Hardened Shoot Clusters
The report can be reviewed directly or downloaded by clicking here.
Compliance Run (07-25-2024)
Glossary
- 🟢 Passed: Rule check has been fulfilled.
- 🔵 Skipped: Rule check has been considered irrelevant for the specific scenario and will not be run.
- 🔵 Accepted: Rule check may or may not have been run, but it was decided by the user that the check is not a finding.
- 🟠 Warning: Rule check has encountered an ambiguous condition or configuration preventing the ability to determine if the check is fulfilled or not.
- 🔴 Failed: Rule check has been unfulfilled, can be considered a finding.
- 🔴 Errored: Rule check has errored during runtime. It cannot be determined whether the check is fulfilled or not.
- 🟠 Not Implemented: Rule check has not been implemented yet.
Evaluated targets
- aws (gardenVirtualCloudProvider: gcp, gardenerVersion: v1.99.2, projectName: diki-comp, seedCloudProvider: aws, seedKubernetesVersion: v1.29.4, shootCloudProvider: aws, shootKubernetesVersion: v1.28.10, time: 07-25-2024 13:20:33)
- azure (gardenVirtualCloudProvider: gcp, gardenerVersion: v1.99.2, projectName: diki-comp, seedCloudProvider: azure, seedKubernetesVersion: v1.29.4, shootCloudProvider: azure, shootKubernetesVersion: v1.28.10, time: 07-25-2024 13:21:30)
- gcp (gardenVirtualCloudProvider: gcp, gardenerVersion: v1.99.2, projectName: diki-comp, seedCloudProvider: gcp, seedKubernetesVersion: v1.29.4, shootCloudProvider: gcp, shootKubernetesVersion: v1.28.10, time: 07-25-2024 13:22:14)
- openstack (gardenVirtualCloudProvider: gcp, gardenerVersion: v1.99.2, projectName: diki-comp, seedCloudProvider: openstack, seedKubernetesVersion: v1.29.4, shootCloudProvider: openstack, shootKubernetesVersion: v1.28.10, time: 07-25-2024 13:24:21)
- v1r11 DISA Kubernetes Security Technical Implementation Guide (61x Passed 🟢, 24x Skipped 🔵, 7x Accepted 🔵, 7x Warning 🟠, 3x Failed 🔴)
-
🟢 Passed
-
The Kubernetes Controller Manager must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242376)
-
Option tls-min-version has not been set.
- aws
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--openstack
- aws
-
Option tls-min-version has not been set.
-
Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242377)
-
Option tls-min-version has not been set.
- aws
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--aws
- azure
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--azure
- gcp
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--gcp
- openstack
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--openstack
- aws
-
Option tls-min-version has not been set.
-
The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242378)
-
Option tls-min-version has not been set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option tls-min-version has not been set.
-
The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242379)
-
Option client-transport-security.auto-tls set to allowed value.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
Option client-transport-security.auto-tls set to allowed value.
-
The Kubernetes Controller Manager must create unique service accounts for each work payload(HIGH 242381)
-
Option use-service-account-credentials set to allowed value.
- aws
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--openstack
- aws
-
Option use-service-account-credentials set to allowed value.
-
The Kubernetes API Server must enable Node,RBAC as the authorization mode (MEDIUM 242382)
-
Option authorization-mode set to expected value.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option authorization-mode set to expected value.
-
Kubernetes must separate user functionality (MEDIUM 242383)
-
System resource in system namespaces.
- aws
- kind: Service name: kubernetes namespace: default
- azure
- kind: Service name: kubernetes namespace: default
- gcp
- kind: Service name: kubernetes namespace: default
- openstack
- kind: Service name: kubernetes namespace: default
- aws
-
System resource in system namespaces.
-
The Kubernetes API server must have the insecure port flag disabled (HIGH 242386)
-
Option insecure-port not set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option insecure-port not set.
-
The Kubernetes Kubelet must have the "readOnlyPort" flag disabled (HIGH 242387)
-
Option readOnlyPort not set.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option readOnlyPort not set.
-
The Kubernetes API server must have the insecure bind address not set (HIGH 242388)
-
Option insecure-bind-address not set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option insecure-bind-address not set.
-
The Kubernetes API server must have the secure port set (MEDIUM 242389)
-
Option secure-port set to allowed value.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option secure-port set to allowed value.
-
The Kubernetes API server must have anonymous authentication disabled (HIGH 242390)
-
Option anonymous-auth set to allowed value.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option anonymous-auth set to allowed value.
-
The Kubernetes Kubelet must have anonymous authentication disabled (HIGH 242391)
-
Option authentication.anonymous.enabled set to allowed value.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option authentication.anonymous.enabled set to allowed value.
-
The Kubernetes kubelet must enable explicit authorization (HIGH 242392)
-
Option authorization.mode set to allowed value.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option authorization.mode set to allowed value.
-
Kubernetes Worker Nodes must not have sshd service running (MEDIUM 242393)
-
SSH daemon service not installed
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
SSH daemon service not installed
-
Kubernetes Worker Nodes must not have the sshd service enabled (MEDIUM 242394)
-
SSH daemon disabled (or could not be probed)
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
SSH daemon disabled (or could not be probed)
-
Kubernetes dashboard must not be enabled (MEDIUM 242395)
-
Kubernetes dashboard not installed
- aws
- azure
- gcp
- openstack
- aws
-
Kubernetes dashboard not installed
-
The Kubernetes kubelet staticPodPath must not enable static pods (HIGH 242397)
-
Option staticPodPath not set.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option staticPodPath not set.
-
The Kubernetes API server must have Alpha APIs disabled (MEDIUM 242400)
-
Option featureGates.AllAlpha not set.
- aws
- cluster: seed kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- cluster: seed kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--aws
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--aws
- cluster: shoot kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- azure
- cluster: seed kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- cluster: seed kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--azure
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--azure
- cluster: shoot kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- gcp
- cluster: seed kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- cluster: seed kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--gcp
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--gcp
- cluster: shoot kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- openstack
- cluster: seed kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- cluster: seed kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--openstack
- cluster: seed kind: deployment name: kube-scheduler namespace: shoot--diki-comp--openstack
- cluster: shoot kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- aws
-
Option featureGates.AllAlpha not set.
-
Kubernetes Kubelet must deny hostname override (MEDIUM 242404)
-
Flag hostname-override not set.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
Flag hostname-override not set.
-
The Kubernetes kubelet configuration file must be owned by root (MEDIUM 242406)
-
File has expected owners
- aws
- details: fileName: /etc/systemd/system/kubelet.service, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /etc/systemd/system/kubelet.service, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /etc/systemd/system/kubelet.service, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /etc/systemd/system/kubelet.service, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected owners
-
The Kubernetes kubelet configuration files must have file permissions set to 644 or more restrictive (MEDIUM 242407)
-
File has expected permissions
- aws
- details: fileName: /etc/systemd/system/kubelet.service, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /etc/systemd/system/kubelet.service, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /etc/systemd/system/kubelet.service, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /etc/systemd/system/kubelet.service, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected permissions
-
Kubernetes Controller Manager must disable profiling (MEDIUM 242409)
-
Option profiling set to allowed value.
- aws
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--openstack
- aws
-
Option profiling set to allowed value.
-
The Kubernetes cluster must use non-privileged host ports for user pods (MEDIUM 242414)
-
Container does not use hostPort < 1024.
- aws
- cluster: seed kind: pod name: aws-custom-route-controller-7856476fd4-hsq29 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: blackbox-exporter-5d75c47dcd-2v7cs namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: blackbox-exporter-5d75c47dcd-d7bpd namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: cert-controller-manager-755dbd646b-hgxzx namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: cloud-controller-manager-769c9b45dd-c5vxq namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-controller-7669f6bfc4-nscqb namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-validation-654f9b49d7-xfjxn namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-validation-654f9b49d7-xs2pt namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: event-logger-7cdddb58d8-65h7q namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: extension-shoot-lakom-service-6df659477c-28tts namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: extension-shoot-lakom-service-6df659477c-5q5st namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: gardener-resource-manager-6d957ff4b4-56mqn namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: gardener-resource-manager-6d957ff4b4-b2lbj namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-apiserver-76d9c64f5b-7gwf4 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-state-metrics-68dfcd5d48-5mdnv namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: machine-controller-manager-7454c6df68-z77xw namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: machine-controller-manager-7454c6df68-z77xw namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: network-problem-detector-controller-5f458c7579-82tns namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: plutono-567d7c946b-7xgjl namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: plutono-567d7c946b-7xgjl namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: plutono-567d7c946b-7xgjl namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: plutono-567d7c946b-7xgjl namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: shoot-dns-service-645f556cf4-7xc4r namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-admission-controller-59bc4d9d8f-hxrh7 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-admission-controller-59bc4d9d8f-vf58j namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-recommender-6f499cfd88-lnbrx namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-updater-746fb98848-8zzf8 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpn-seed-server-547576865c-x6fr2 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpn-seed-server-547576865c-x6fr2 namespace: shoot--diki-comp--aws
- cluster: shoot kind: pod name: apiserver-proxy-kx2mw namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-kx2mw namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-wtlv2 namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-wtlv2 namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-82dwq namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-wh7rj namespace: kube-system
- cluster: shoot kind: pod name: calico-node-9nlzv namespace: kube-system
- cluster: shoot kind: pod name: calico-node-9nlzv namespace: kube-system
- cluster: shoot kind: pod name: calico-node-l94hn namespace: kube-system
- cluster: shoot kind: pod name: calico-node-l94hn namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-x9rl9 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-6rlcn namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-g7k2t namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-vtvrw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-7gf59 namespace: kube-system
- cluster: shoot kind: pod name: coredns-5cc8785ccd-x8bs2 namespace: kube-system
- cluster: shoot kind: pod name: coredns-5cc8785ccd-xwwgh namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-mrv64 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-mrv64 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-mrv64 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-s74n2 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-s74n2 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-s74n2 namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-nd86n namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-vjfwc namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-4lhcz namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-4lhcz namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-5776b47bc7-g7qjf namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-5776b47bc7-rfmd5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-s5286 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-x5rm5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-5kv4k namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-s4wlg namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-fkdwq namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-xhh5n namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-7nhkg namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-vngln namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-664f9946cc-cgkvj namespace: kube-system
- azure
- cluster: seed kind: pod name: blackbox-exporter-86c7645696-lpf4t namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: blackbox-exporter-86c7645696-wk9l5 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: cert-controller-manager-7bd977469b-gj7zt namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: cloud-controller-manager-678c6d74d6-9n8dm namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-controller-54b4bcd846-mlxgq namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-validation-797f668744-685cb namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-validation-797f668744-t64t4 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: event-logger-5d8496f566-jbqv7 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: extension-shoot-lakom-service-c79868bf8-mkrs9 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: extension-shoot-lakom-service-c79868bf8-tddc6 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: gardener-resource-manager-78754877d5-k6cl8 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: gardener-resource-manager-78754877d5-ml2z8 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-apiserver-86b5d6dbc4-fqmls namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-apiserver-86b5d6dbc4-thd52 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-controller-manager-86f5fc4fc7-fx4b5 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-scheduler-9df464f49-fswpk namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-state-metrics-85b5bf77b4-mxf42 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: machine-controller-manager-68b74c776d-msnzv namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: machine-controller-manager-68b74c776d-msnzv namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: network-problem-detector-controller-66989c7547-j6rgc namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: plutono-6fc5d56577-9h64s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: plutono-6fc5d56577-9h64s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: plutono-6fc5d56577-9h64s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: plutono-6fc5d56577-9h64s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: remedy-controller-azure-57f7db994-gv467 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: shoot-dns-service-55f4885d86-85jgc namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-admission-controller-6ccd6fc589-fxmch namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-admission-controller-6ccd6fc589-s822t namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-recommender-56bbfc87c8-lbv2s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-updater-6f4b5fb546-xb778 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpn-seed-server-576f5cc-rttdc namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpn-seed-server-576f5cc-rttdc namespace: shoot--diki-comp--azure
- cluster: shoot kind: pod name: apiserver-proxy-kbgdp namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-kbgdp namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-ptvb8 namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-ptvb8 namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-gx79p namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-qhbs2 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-4wmbt namespace: kube-system
- cluster: shoot kind: pod name: calico-node-8wlvp namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hf2jw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-98jwl namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-j82pt namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-gq6ml namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-jg9nf namespace: kube-system
- cluster: shoot kind: pod name: cloud-node-manager-rzc7h namespace: kube-system
- cluster: shoot kind: pod name: cloud-node-manager-svm6w namespace: kube-system
- cluster: shoot kind: pod name: coredns-58fd58b4f6-kbbdp namespace: kube-system
- cluster: shoot kind: pod name: coredns-58fd58b4f6-pvvrz namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-hjxlx namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-hjxlx namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-hjxlx namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-nsmlq namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-nsmlq namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-nsmlq namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-5ln94 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-5ln94 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-5ln94 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-qv8rp namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-qv8rp namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-qv8rp namespace: kube-system
- cluster: shoot kind: pod name: diki-242449-m2wpk64dps namespace: kube-system
- cluster: shoot kind: pod name: diki-242451-0r3a1mudxn namespace: kube-system
- cluster: shoot kind: pod name: diki-242466-syzgrb0nhu namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-bbbbr namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-qb8t6 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-kpksf namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-kpksf namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7655f847b-4kzt2 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7655f847b-8v894 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-6b9mc namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-kbzqs namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-k22pr namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-kx6jn namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-nbkkr namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-ph9sx namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-8mw8p namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-p9jp4 namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-56dcf9cf9d-99tfc namespace: kube-system
- gcp
- cluster: seed kind: pod name: blackbox-exporter-c7cc77fbf-db9kq namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: blackbox-exporter-c7cc77fbf-t667q namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: cert-controller-manager-6946674f78-9dsg6 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: cloud-controller-manager-6f67b6df64-9svgn namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-controller-fd9587fdf-2mvdf namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-validation-79df8f8c66-6kzb7 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-validation-79df8f8c66-qggvf namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: event-logger-69576b5c95-hjbwj namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: extension-shoot-lakom-service-86596f55f8-qlhnp namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: extension-shoot-lakom-service-86596f55f8-z7rjv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: gardener-resource-manager-ff5bf7fb4-4r2tv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: gardener-resource-manager-ff5bf7fb4-szjgd namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-apiserver-6f5746f87-5mfhz namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-apiserver-6f5746f87-mjzj9 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-controller-manager-856b7c9889-dzsbv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-scheduler-5d4c7456bd-mvv6x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-state-metrics-64d5994f8-rfzmh namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: machine-controller-manager-67b97665c9-m54jw namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: machine-controller-manager-67b97665c9-m54jw namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: network-problem-detector-controller-66cc54677c-kvq75 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: plutono-69866c8cdb-n2c8x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: plutono-69866c8cdb-n2c8x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: plutono-69866c8cdb-n2c8x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: plutono-69866c8cdb-n2c8x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: shoot-dns-service-575bcd459-79s4m namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-admission-controller-9cffc8f78-jl676 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-admission-controller-9cffc8f78-s8flk namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-recommender-56645d8bdb-2lcmb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-updater-f79b6fc6b-4rlg5 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpn-seed-server-67c8474dc7-blfcl namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpn-seed-server-67c8474dc7-blfcl namespace: shoot--diki-comp--gcp
- cluster: shoot kind: pod name: apiserver-proxy-rmcnj namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-rmcnj namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-v88dp namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-v88dp namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-gmfnj namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-jjtfq namespace: kube-system
- cluster: shoot kind: pod name: calico-node-5bzc2 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-5bzc2 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-cnwrp namespace: kube-system
- cluster: shoot kind: pod name: calico-node-cnwrp namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hjg6k namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-frk7j namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-rlc2z namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-5cbl7 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-scbqx namespace: kube-system
- cluster: shoot kind: pod name: coredns-679b67f9f7-m46pm namespace: kube-system
- cluster: shoot kind: pod name: coredns-679b67f9f7-t8f7n namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-z298z namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-z298z namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-z298z namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-zgp8f namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-zgp8f namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-zgp8f namespace: kube-system
- cluster: shoot kind: pod name: diki-242404-z1nu9wom0m namespace: kube-system
- cluster: shoot kind: pod name: diki-242449-8z89s24f3f namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-2blsk namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-mwnd5 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-bb9x9 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-bb9x9 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7db8b88958-dz2h9 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7db8b88958-rwnwc namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-x6g88 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-zl466 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-n8k2n namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-nnqtf namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-8frqb namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-xq6cg namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-mhj4m namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-rn6hv namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-59f4dbd8cd-bwf8w namespace: kube-system
- openstack
- cluster: seed kind: pod name: blackbox-exporter-6b8d699d98-46wrb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: blackbox-exporter-6b8d699d98-v88mn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: cert-controller-manager-5df68f6f5d-sgc7d namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: cloud-controller-manager-b4857486b-2h6jb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-controller-5d4fc5c479-dmrwv namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-validation-5fc8f5bb4b-66245 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-validation-5fc8f5bb4b-c924q namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: event-logger-6469658865-tbjft namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: extension-shoot-lakom-service-844c5dcfd6-j9wdx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: extension-shoot-lakom-service-844c5dcfd6-wrpcb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: gardener-resource-manager-7b4747c958-pg654 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: gardener-resource-manager-7b4747c958-rfqn2 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-apiserver-7fb7b9b4cd-m7mmg namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-state-metrics-7f54fbdbdb-jpq78 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: machine-controller-manager-85cbdc979-mptqt namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: machine-controller-manager-85cbdc979-mptqt namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: network-problem-detector-controller-78bbfd4757-tf8f2 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: plutono-694bff49d4-px76r namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: plutono-694bff49d4-px76r namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: plutono-694bff49d4-px76r namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: plutono-694bff49d4-px76r namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: shoot-dns-service-867b566fc5-ct8wj namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-admission-controller-b99c554c8-7j9lc namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-admission-controller-b99c554c8-rhbmx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-recommender-5df469cbf4-kngl8 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-updater-5dfd58d478-ph8mz namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpn-seed-server-69d5794bb7-s7vkf namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpn-seed-server-69d5794bb7-s7vkf namespace: shoot--diki-comp--openstack
- cluster: shoot kind: pod name: apiserver-proxy-qw9pr namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-qw9pr namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-qzdcp namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-qzdcp namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-2nt8f namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-6tqbq namespace: kube-system
- cluster: shoot kind: pod name: calico-kube-controllers-7fbfb84c54-2lsh5 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-7xv9t namespace: kube-system
- cluster: shoot kind: pod name: calico-node-k2pc6 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-przgw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-bwkdh namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-hkdc5 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-htlcp namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-9zp9f namespace: kube-system
- cluster: shoot kind: pod name: coredns-56d45984c9-f6xtf namespace: kube-system
- cluster: shoot kind: pod name: coredns-56d45984c9-zgq2w namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-gcsc7 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-gcsc7 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-gcsc7 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-pmml4 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-pmml4 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-pmml4 namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-t965v namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-vsrrl namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-xx9v6 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-xx9v6 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-586dcd8bff-7n7nm namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-586dcd8bff-sjjfv namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-55ptw namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-lp4n6 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-ftcw5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-zt596 namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-rnbv9 namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-trqtg namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-k79bs namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-pdtdj namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-697b676499-jkgvw namespace: kube-system
- aws
-
Container does not use hostPort < 1024.
-
Secrets in Kubernetes must not be stored as environment variables (HIGH 242415)
-
Pod does not use environment to inject secret.
- aws
- cluster: seed kind: pod name: aws-custom-route-controller-7856476fd4-hsq29 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: blackbox-exporter-5d75c47dcd-2v7cs namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: blackbox-exporter-5d75c47dcd-d7bpd namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: cert-controller-manager-755dbd646b-hgxzx namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: cloud-controller-manager-769c9b45dd-c5vxq namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-driver-controller-7ffbd87db8-dkp27 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-controller-7669f6bfc4-nscqb namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-validation-654f9b49d7-xfjxn namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: csi-snapshot-validation-654f9b49d7-xs2pt namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: event-logger-7cdddb58d8-65h7q namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: extension-shoot-lakom-service-6df659477c-28tts namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: extension-shoot-lakom-service-6df659477c-5q5st namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: gardener-resource-manager-6d957ff4b4-56mqn namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: gardener-resource-manager-6d957ff4b4-b2lbj namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-apiserver-76d9c64f5b-7gwf4 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: kube-state-metrics-68dfcd5d48-5mdnv namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: machine-controller-manager-7454c6df68-z77xw namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: network-problem-detector-controller-5f458c7579-82tns namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: plutono-567d7c946b-7xgjl namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: shoot-dns-service-645f556cf4-7xc4r namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-admission-controller-59bc4d9d8f-hxrh7 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-admission-controller-59bc4d9d8f-vf58j namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-recommender-6f499cfd88-lnbrx namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpa-updater-746fb98848-8zzf8 namespace: shoot--diki-comp--aws
- cluster: seed kind: pod name: vpn-seed-server-547576865c-x6fr2 namespace: shoot--diki-comp--aws
- cluster: shoot kind: pod name: apiserver-proxy-kx2mw namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-wtlv2 namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-82dwq namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-wh7rj namespace: kube-system
- cluster: shoot kind: pod name: calico-node-9nlzv namespace: kube-system
- cluster: shoot kind: pod name: calico-node-l94hn namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-x9rl9 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-6rlcn namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-g7k2t namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-vtvrw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-7gf59 namespace: kube-system
- cluster: shoot kind: pod name: coredns-5cc8785ccd-x8bs2 namespace: kube-system
- cluster: shoot kind: pod name: coredns-5cc8785ccd-xwwgh namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-mrv64 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-s74n2 namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-nd86n namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-vjfwc namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-4lhcz namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-5776b47bc7-g7qjf namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-5776b47bc7-rfmd5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-s5286 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-x5rm5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-5kv4k namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-s4wlg namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-fkdwq namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-xhh5n namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-6kjdw namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-ws9mx namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-7nhkg namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-vngln namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-664f9946cc-cgkvj namespace: kube-system
- azure
- cluster: seed kind: pod name: blackbox-exporter-86c7645696-lpf4t namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: blackbox-exporter-86c7645696-wk9l5 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: cert-controller-manager-7bd977469b-gj7zt namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: cloud-controller-manager-678c6d74d6-9n8dm namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-disk-6b967795c9-w8nmj namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-driver-controller-file-7cfdfbd8fc-xgp5z namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-controller-54b4bcd846-mlxgq namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-validation-797f668744-685cb namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: csi-snapshot-validation-797f668744-t64t4 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: event-logger-5d8496f566-jbqv7 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: extension-shoot-lakom-service-c79868bf8-mkrs9 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: extension-shoot-lakom-service-c79868bf8-tddc6 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: gardener-resource-manager-78754877d5-k6cl8 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: gardener-resource-manager-78754877d5-ml2z8 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-apiserver-86b5d6dbc4-fqmls namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-apiserver-86b5d6dbc4-thd52 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-controller-manager-86f5fc4fc7-fx4b5 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-scheduler-9df464f49-fswpk namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: kube-state-metrics-85b5bf77b4-mxf42 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: machine-controller-manager-68b74c776d-msnzv namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: network-problem-detector-controller-66989c7547-j6rgc namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: plutono-6fc5d56577-9h64s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: remedy-controller-azure-57f7db994-gv467 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: shoot-dns-service-55f4885d86-85jgc namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-admission-controller-6ccd6fc589-fxmch namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-admission-controller-6ccd6fc589-s822t namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-recommender-56bbfc87c8-lbv2s namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpa-updater-6f4b5fb546-xb778 namespace: shoot--diki-comp--azure
- cluster: seed kind: pod name: vpn-seed-server-576f5cc-rttdc namespace: shoot--diki-comp--azure
- cluster: shoot kind: pod name: apiserver-proxy-kbgdp namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-ptvb8 namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-gx79p namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-qhbs2 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-4wmbt namespace: kube-system
- cluster: shoot kind: pod name: calico-node-8wlvp namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hf2jw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-98jwl namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-j82pt namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-gq6ml namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-jg9nf namespace: kube-system
- cluster: shoot kind: pod name: cloud-node-manager-rzc7h namespace: kube-system
- cluster: shoot kind: pod name: cloud-node-manager-svm6w namespace: kube-system
- cluster: shoot kind: pod name: coredns-58fd58b4f6-kbbdp namespace: kube-system
- cluster: shoot kind: pod name: coredns-58fd58b4f6-pvvrz namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-hjxlx namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-disk-nsmlq namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-5ln94 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-file-qv8rp namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-bbbbr namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-qb8t6 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-kpksf namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7655f847b-4kzt2 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7655f847b-8v894 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-6b9mc namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-kbzqs namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-k22pr namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-kx6jn namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-nbkkr namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-ph9sx namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-s2lvs namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-zs2sb namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-8mw8p namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-p9jp4 namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-56dcf9cf9d-99tfc namespace: kube-system
- gcp
- cluster: seed kind: pod name: blackbox-exporter-c7cc77fbf-db9kq namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: blackbox-exporter-c7cc77fbf-t667q namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: cert-controller-manager-6946674f78-9dsg6 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: cloud-controller-manager-6f67b6df64-9svgn namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-driver-controller-7dd7c47666-zjpqb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-controller-fd9587fdf-2mvdf namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-validation-79df8f8c66-6kzb7 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: csi-snapshot-validation-79df8f8c66-qggvf namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: event-logger-69576b5c95-hjbwj namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: extension-shoot-lakom-service-86596f55f8-qlhnp namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: extension-shoot-lakom-service-86596f55f8-z7rjv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: gardener-resource-manager-ff5bf7fb4-4r2tv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: gardener-resource-manager-ff5bf7fb4-szjgd namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-apiserver-6f5746f87-5mfhz namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-apiserver-6f5746f87-mjzj9 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-controller-manager-856b7c9889-dzsbv namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-scheduler-5d4c7456bd-mvv6x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: kube-state-metrics-64d5994f8-rfzmh namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: machine-controller-manager-67b97665c9-m54jw namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: network-problem-detector-controller-66cc54677c-kvq75 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: plutono-69866c8cdb-n2c8x namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: shoot-dns-service-575bcd459-79s4m namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-admission-controller-9cffc8f78-jl676 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-admission-controller-9cffc8f78-s8flk namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-recommender-56645d8bdb-2lcmb namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpa-updater-f79b6fc6b-4rlg5 namespace: shoot--diki-comp--gcp
- cluster: seed kind: pod name: vpn-seed-server-67c8474dc7-blfcl namespace: shoot--diki-comp--gcp
- cluster: shoot kind: pod name: apiserver-proxy-rmcnj namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-v88dp namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-gmfnj namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-jjtfq namespace: kube-system
- cluster: shoot kind: pod name: calico-node-5bzc2 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-cnwrp namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hjg6k namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-frk7j namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-rlc2z namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-5cbl7 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-scbqx namespace: kube-system
- cluster: shoot kind: pod name: coredns-679b67f9f7-m46pm namespace: kube-system
- cluster: shoot kind: pod name: coredns-679b67f9f7-t8f7n namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-z298z namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-zgp8f namespace: kube-system
- cluster: shoot kind: pod name: diki-242393-ot4eirqfni namespace: kube-system
- cluster: shoot kind: pod name: diki-242406-uphz6x02zf namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-2blsk namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-mwnd5 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-bb9x9 namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7db8b88958-dz2h9 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-7db8b88958-rwnwc namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-x6g88 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-zl466 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-n8k2n namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-nnqtf namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-8frqb namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-xq6cg namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-cl4xr namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-kz9nr namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-mhj4m namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-rn6hv namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-59f4dbd8cd-bwf8w namespace: kube-system
- openstack
- cluster: seed kind: pod name: blackbox-exporter-6b8d699d98-46wrb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: blackbox-exporter-6b8d699d98-v88mn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: cert-controller-manager-5df68f6f5d-sgc7d namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: cloud-controller-manager-b4857486b-2h6jb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-driver-controller-5968889847-slsgn namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-controller-5d4fc5c479-dmrwv namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-validation-5fc8f5bb4b-66245 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: csi-snapshot-validation-5fc8f5bb4b-c924q namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: event-logger-6469658865-tbjft namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: extension-shoot-lakom-service-844c5dcfd6-j9wdx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: extension-shoot-lakom-service-844c5dcfd6-wrpcb namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: gardener-resource-manager-7b4747c958-pg654 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: gardener-resource-manager-7b4747c958-rfqn2 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-apiserver-7fb7b9b4cd-m7mmg namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: kube-state-metrics-7f54fbdbdb-jpq78 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: machine-controller-manager-85cbdc979-mptqt namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: network-problem-detector-controller-78bbfd4757-tf8f2 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: plutono-694bff49d4-px76r namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: prometheus-shoot-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: shoot-dns-service-867b566fc5-ct8wj namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vali-0 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-admission-controller-b99c554c8-7j9lc namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-admission-controller-b99c554c8-rhbmx namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-recommender-5df469cbf4-kngl8 namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpa-updater-5dfd58d478-ph8mz namespace: shoot--diki-comp--openstack
- cluster: seed kind: pod name: vpn-seed-server-69d5794bb7-s7vkf namespace: shoot--diki-comp--openstack
- cluster: shoot kind: pod name: apiserver-proxy-qw9pr namespace: kube-system
- cluster: shoot kind: pod name: apiserver-proxy-qzdcp namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-2nt8f namespace: kube-system
- cluster: shoot kind: pod name: blackbox-exporter-858fbbb8d6-6tqbq namespace: kube-system
- cluster: shoot kind: pod name: calico-kube-controllers-7fbfb84c54-2lsh5 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-7xv9t namespace: kube-system
- cluster: shoot kind: pod name: calico-node-k2pc6 namespace: kube-system
- cluster: shoot kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-przgw namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-bwkdh namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-deploy-7968dd78d5-hkdc5 namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-htlcp namespace: kube-system
- cluster: shoot kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-9zp9f namespace: kube-system
- cluster: shoot kind: pod name: coredns-56d45984c9-f6xtf namespace: kube-system
- cluster: shoot kind: pod name: coredns-56d45984c9-zgq2w namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-gcsc7 namespace: kube-system
- cluster: shoot kind: pod name: csi-driver-node-pmml4 namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-t965v namespace: kube-system
- cluster: shoot kind: pod name: egress-filter-applier-vsrrl namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot kind: pod name: kube-proxy-worker-dqty2-v1.28.10-xx9v6 namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-586dcd8bff-7n7nm namespace: kube-system
- cluster: shoot kind: pod name: metrics-server-586dcd8bff-sjjfv namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-55ptw namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-host-lp4n6 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-ftcw5 namespace: kube-system
- cluster: shoot kind: pod name: network-problem-detector-pod-zt596 namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-rnbv9 namespace: kube-system
- cluster: shoot kind: pod name: node-exporter-trqtg namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-jdng7 namespace: kube-system
- cluster: shoot kind: pod name: node-local-dns-r8z88 namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-k79bs namespace: kube-system
- cluster: shoot kind: pod name: node-problem-detector-pdtdj namespace: kube-system
- cluster: shoot kind: pod name: vpn-shoot-697b676499-jkgvw namespace: kube-system
- aws
-
Pod does not use environment to inject secret.
-
Kubernetes must separate user functionality (MEDIUM 242417)
-
Gardener managed pods are not user pods
- aws
- kind: pod name: apiserver-proxy-kx2mw namespace: kube-system
- kind: pod name: apiserver-proxy-wtlv2 namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-82dwq namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-wh7rj namespace: kube-system
- kind: pod name: calico-node-9nlzv namespace: kube-system
- kind: pod name: calico-node-l94hn namespace: kube-system
- kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-x9rl9 namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-6rlcn namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-g7k2t namespace: kube-system
- kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-vtvrw namespace: kube-system
- kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-7gf59 namespace: kube-system
- kind: pod name: coredns-5cc8785ccd-x8bs2 namespace: kube-system
- kind: pod name: coredns-5cc8785ccd-xwwgh namespace: kube-system
- kind: pod name: csi-driver-node-mrv64 namespace: kube-system
- kind: pod name: csi-driver-node-s74n2 namespace: kube-system
- kind: pod name: egress-filter-applier-nd86n namespace: kube-system
- kind: pod name: egress-filter-applier-vjfwc namespace: kube-system
- kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-4lhcz namespace: kube-system
- kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- kind: pod name: metrics-server-5776b47bc7-g7qjf namespace: kube-system
- kind: pod name: metrics-server-5776b47bc7-rfmd5 namespace: kube-system
- kind: pod name: network-problem-detector-host-s5286 namespace: kube-system
- kind: pod name: network-problem-detector-host-x5rm5 namespace: kube-system
- kind: pod name: network-problem-detector-pod-5kv4k namespace: kube-system
- kind: pod name: network-problem-detector-pod-s4wlg namespace: kube-system
- kind: pod name: node-exporter-fkdwq namespace: kube-system
- kind: pod name: node-exporter-xhh5n namespace: kube-system
- kind: pod name: node-local-dns-6kjdw namespace: kube-system
- kind: pod name: node-local-dns-ws9mx namespace: kube-system
- kind: pod name: node-problem-detector-7nhkg namespace: kube-system
- kind: pod name: node-problem-detector-vngln namespace: kube-system
- kind: pod name: vpn-shoot-664f9946cc-cgkvj namespace: kube-system
- azure
- kind: pod name: apiserver-proxy-kbgdp namespace: kube-system
- kind: pod name: apiserver-proxy-ptvb8 namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-gx79p namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-qhbs2 namespace: kube-system
- kind: pod name: calico-node-4wmbt namespace: kube-system
- kind: pod name: calico-node-8wlvp namespace: kube-system
- kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hf2jw namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-98jwl namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-j82pt namespace: kube-system
- kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-gq6ml namespace: kube-system
- kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-jg9nf namespace: kube-system
- kind: pod name: cloud-node-manager-rzc7h namespace: kube-system
- kind: pod name: cloud-node-manager-svm6w namespace: kube-system
- kind: pod name: coredns-58fd58b4f6-kbbdp namespace: kube-system
- kind: pod name: coredns-58fd58b4f6-pvvrz namespace: kube-system
- kind: pod name: csi-driver-node-disk-hjxlx namespace: kube-system
- kind: pod name: csi-driver-node-disk-nsmlq namespace: kube-system
- kind: pod name: csi-driver-node-file-5ln94 namespace: kube-system
- kind: pod name: csi-driver-node-file-qv8rp namespace: kube-system
- kind: pod name: egress-filter-applier-bbbbr namespace: kube-system
- kind: pod name: egress-filter-applier-qb8t6 namespace: kube-system
- kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-kpksf namespace: kube-system
- kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- kind: pod name: metrics-server-7655f847b-4kzt2 namespace: kube-system
- kind: pod name: metrics-server-7655f847b-8v894 namespace: kube-system
- kind: pod name: network-problem-detector-host-6b9mc namespace: kube-system
- kind: pod name: network-problem-detector-host-kbzqs namespace: kube-system
- kind: pod name: network-problem-detector-pod-k22pr namespace: kube-system
- kind: pod name: network-problem-detector-pod-kx6jn namespace: kube-system
- kind: pod name: node-exporter-nbkkr namespace: kube-system
- kind: pod name: node-exporter-ph9sx namespace: kube-system
- kind: pod name: node-local-dns-s2lvs namespace: kube-system
- kind: pod name: node-local-dns-zs2sb namespace: kube-system
- kind: pod name: node-problem-detector-8mw8p namespace: kube-system
- kind: pod name: node-problem-detector-p9jp4 namespace: kube-system
- kind: pod name: vpn-shoot-56dcf9cf9d-99tfc namespace: kube-system
- gcp
- kind: pod name: apiserver-proxy-rmcnj namespace: kube-system
- kind: pod name: apiserver-proxy-v88dp namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-gmfnj namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-jjtfq namespace: kube-system
- kind: pod name: calico-node-5bzc2 namespace: kube-system
- kind: pod name: calico-node-cnwrp namespace: kube-system
- kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-hjg6k namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-frk7j namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-rlc2z namespace: kube-system
- kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-5cbl7 namespace: kube-system
- kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-scbqx namespace: kube-system
- kind: pod name: coredns-679b67f9f7-m46pm namespace: kube-system
- kind: pod name: coredns-679b67f9f7-t8f7n namespace: kube-system
- kind: pod name: csi-driver-node-z298z namespace: kube-system
- kind: pod name: csi-driver-node-zgp8f namespace: kube-system
- kind: pod name: egress-filter-applier-2blsk namespace: kube-system
- kind: pod name: egress-filter-applier-mwnd5 namespace: kube-system
- kind: pod name: kube-proxy-worker-bex82-v1.28.10-bb9x9 namespace: kube-system
- kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- kind: pod name: metrics-server-7db8b88958-dz2h9 namespace: kube-system
- kind: pod name: metrics-server-7db8b88958-rwnwc namespace: kube-system
- kind: pod name: network-problem-detector-host-x6g88 namespace: kube-system
- kind: pod name: network-problem-detector-host-zl466 namespace: kube-system
- kind: pod name: network-problem-detector-pod-n8k2n namespace: kube-system
- kind: pod name: network-problem-detector-pod-nnqtf namespace: kube-system
- kind: pod name: node-exporter-8frqb namespace: kube-system
- kind: pod name: node-exporter-xq6cg namespace: kube-system
- kind: pod name: node-local-dns-cl4xr namespace: kube-system
- kind: pod name: node-local-dns-kz9nr namespace: kube-system
- kind: pod name: node-problem-detector-mhj4m namespace: kube-system
- kind: pod name: node-problem-detector-rn6hv namespace: kube-system
- kind: pod name: vpn-shoot-59f4dbd8cd-bwf8w namespace: kube-system
- openstack
- kind: pod name: apiserver-proxy-qw9pr namespace: kube-system
- kind: pod name: apiserver-proxy-qzdcp namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-2nt8f namespace: kube-system
- kind: pod name: blackbox-exporter-858fbbb8d6-6tqbq namespace: kube-system
- kind: pod name: calico-kube-controllers-7fbfb84c54-2lsh5 namespace: kube-system
- kind: pod name: calico-node-7xv9t namespace: kube-system
- kind: pod name: calico-node-k2pc6 namespace: kube-system
- kind: pod name: calico-node-vertical-autoscaler-5477bf8d8b-przgw namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-bwkdh namespace: kube-system
- kind: pod name: calico-typha-deploy-7968dd78d5-hkdc5 namespace: kube-system
- kind: pod name: calico-typha-horizontal-autoscaler-586ff75c6b-htlcp namespace: kube-system
- kind: pod name: calico-typha-vertical-autoscaler-b95cbbd-9zp9f namespace: kube-system
- kind: pod name: coredns-56d45984c9-f6xtf namespace: kube-system
- kind: pod name: coredns-56d45984c9-zgq2w namespace: kube-system
- kind: pod name: csi-driver-node-gcsc7 namespace: kube-system
- kind: pod name: csi-driver-node-pmml4 namespace: kube-system
- kind: pod name: egress-filter-applier-t965v namespace: kube-system
- kind: pod name: egress-filter-applier-vsrrl namespace: kube-system
- kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- kind: pod name: kube-proxy-worker-dqty2-v1.28.10-xx9v6 namespace: kube-system
- kind: pod name: metrics-server-586dcd8bff-7n7nm namespace: kube-system
- kind: pod name: metrics-server-586dcd8bff-sjjfv namespace: kube-system
- kind: pod name: network-problem-detector-host-55ptw namespace: kube-system
- kind: pod name: network-problem-detector-host-lp4n6 namespace: kube-system
- kind: pod name: network-problem-detector-pod-ftcw5 namespace: kube-system
- kind: pod name: network-problem-detector-pod-zt596 namespace: kube-system
- kind: pod name: node-exporter-rnbv9 namespace: kube-system
- kind: pod name: node-exporter-trqtg namespace: kube-system
- kind: pod name: node-local-dns-jdng7 namespace: kube-system
- kind: pod name: node-local-dns-r8z88 namespace: kube-system
- kind: pod name: node-problem-detector-k79bs namespace: kube-system
- kind: pod name: node-problem-detector-pdtdj namespace: kube-system
- kind: pod name: vpn-shoot-697b676499-jkgvw namespace: kube-system
- aws
-
Gardener managed pods are not user pods
-
The Kubernetes API server must use approved cipher suites (MEDIUM 242418)
-
Option tls-cipher-suites set to allowed values.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option tls-cipher-suites set to allowed values.
-
Kubernetes API Server must have the SSL Certificate Authority set (MEDIUM 242419)
-
Option client-ca-file set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option client-ca-file set.
-
Kubernetes Kubelet must have the SSL Certificate Authority set (MEDIUM 242420)
-
Option authentication.x509.clientCAFile set.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option authentication.x509.clientCAFile set.
-
Kubernetes Controller Manager must have the SSL Certificate Authority set (MEDIUM 242421)
-
Option root-ca-file set.
- aws
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-controller-manager namespace: shoot--diki-comp--openstack
- aws
-
Option root-ca-file set.
-
Kubernetes API Server must have a certificate for communication (MEDIUM 242422)
-
Option tls-cert-file set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option tls-private-key-file set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option tls-cert-file set.
-
Kubernetes etcd must enable client authentication to secure service (MEDIUM 242423)
-
Option client-transport-security.client-cert-auth set to allowed value.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
Option client-transport-security.client-cert-auth set to allowed value.
-
Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service (MEDIUM 242424)
-
Kubelet rotates server certificates automatically itself.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Kubelet rotates server certificates automatically itself.
-
Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service (MEDIUM 242425)
-
Kubelet rotates server certificates automatically itself.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Kubelet rotates server certificates automatically itself.
-
Kubernetes etcd must have a key file for secure communication (MEDIUM 242427)
-
Option client-transport-security.key-file set to allowed value.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
Option client-transport-security.key-file set to allowed value.
-
Kubernetes etcd must have a certificate for communication (MEDIUM 242428)
-
Option client-transport-security.cert-file set to allowed value.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
Option client-transport-security.cert-file set to allowed value.
-
Kubernetes etcd must have the SSL Certificate Authority set (MEDIUM 242429)
-
Option etcd-cafile set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option etcd-cafile set.
-
Kubernetes etcd must have a certificate for communication (MEDIUM 242430)
-
Option etcd-certfile set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option etcd-certfile set.
-
Kubernetes etcd must have a key file for secure communication (MEDIUM 242431)
-
Option etcd-keyfile set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option etcd-keyfile set.
-
Kubernetes Kubelet must enable kernel protection (HIGH 242434)
-
Option protectKernelDefaults set to allowed value.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option protectKernelDefaults set to allowed value.
-
The Kubernetes API server must have the ValidatingAdmissionWebhook enabled (HIGH 242436)
-
Option enable-admission-plugins set to allowed value.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option enable-admission-plugins set to allowed value.
-
Kubernetes API Server must configure timeouts to limit attack surface (MEDIUM 242438)
-
Option request-timeout has not been set.
- aws
- details: defaults to 1m0s kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- details: defaults to 1m0s kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- details: defaults to 1m0s kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- details: defaults to 1m0s kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option request-timeout has not been set.
-
Kubernetes must remove old components after updated versions have been installed (MEDIUM 242442)
-
All found images use current versions.
- aws
- azure
- gcp
- openstack
- aws
-
All found images use current versions.
-
The Kubernetes component etcd must be owned by etcd (MEDIUM 242445)
-
File has expected owners
- aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_31.3632059657/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/region, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/secretAccessKey, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/accessKeyID, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/bucketName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_34.2074945830/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/bucketName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/storageAccount, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/storageKey, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_30.2940324903/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_39.2305215472/serviceaccount.json, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_39.2305215472/bucketName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_39.3264256653/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialSecret, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/authURL, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/bucketName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/domainName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/region, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/tenantName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialID, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialName, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_27.791977657/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/snap/db, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0.tmp, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/safe_guard, ownerUser: 65532, ownerGroup: 65532 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_26.760285163/etcd.conf.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/namespace, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/token, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- aws
-
File has expected owners
-
The Kubernetes conf files must be owned by root (MEDIUM 242446)
-
File has expected owners
- aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_03_32.2849634808/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~configmap/kube-scheduler-config/..2024_07_25_13_03_32.3178977814/config.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_32.4108013154/kubeconfig, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_32.4108013154/token, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca/..2024_07_25_13_03_07.1368478840/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_03_07.736850249/id_rsa, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_23.915608683/kubeconfig, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_23.915608683/token, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_02_10.2226241370/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_02_10.933493267/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_02_10.3965564115/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/audit-policy-config/..2024_07_25_13_02_10.919451044/audit-policy.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_02_10.557863803/podsecurity.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_02_10.557863803/admission-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca/..2024_07_25_13_02_10.662489473/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-encryption-secret/..2024_07_25_13_02_10.226502613/encryption-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_02_10.2933211119/id_rsa, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_02_10.2581373418/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_02_10.978118440/bundle.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/egress-selection-config/..2024_07_25_13_02_10.2023717197/egress-selector-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/static-token/..2024_07_25_13_02_10.1624455993/static_tokens.csv, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_02_10.2158392424/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca/..2024_07_25_13_01_59.991544212/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_01_59.3581293990/id_rsa, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_03.3923270535/kubeconfig, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_03.3923270535/token, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_02_16.1569774485/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~configmap/kube-scheduler-config/..2024_07_25_13_02_16.2132886517/config.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_19.2500005201/token, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_19.2500005201/kubeconfig, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_00_42.2442118241/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_00_42.3330985798/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_00_42.3182125229/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/audit-policy-config/..2024_07_25_13_00_42.2870882805/audit-policy.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_00_42.3675300062/podsecurity.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_00_42.3675300062/admission-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca/..2024_07_25_13_00_42.3474913291/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-encryption-secret/..2024_07_25_13_00_42.531503639/encryption-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_00_42.322496126/id_rsa, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_00_42.1762643519/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_00_42.1536609594/bundle.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/egress-selection-config/..2024_07_25_13_00_42.3637718223/egress-selector-configuration.yaml, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/static-token/..2024_07_25_13_00_42.2571933157/static_tokens.csv, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_00_42.232080975/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- aws
-
File has expected owners
-
The Kubernetes Kube Proxy kubeconfig must have file permissions set to 644 or more restrictive (MEDIUM 242447)
-
File has expected permissions
- aws
- details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, permissions: 644 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, permissions: 644 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- azure
- details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, permissions: 644 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, permissions: 644 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- gcp
- details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, permissions: 644 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, permissions: 644 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- openstack
- details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, permissions: 644 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, permissions: 644 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- aws
-
File has expected permissions
-
The Kubernetes Kube Proxy kubeconfig must be owned by root (MEDIUM 242448)
-
File has expected owners
- aws
- details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- azure
- details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- gcp
- details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- openstack
- details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~configmap/kube-proxy-config/config.yaml, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~secret/kubeconfig/kubeconfig, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- aws
-
File has expected owners
-
The Kubernetes Kubelet certificate authority file must have file permissions set to 644 or more restrictive (MEDIUM 242449)
-
File has expected permissions
- aws
- details: fileName: /var/lib/kubelet/ca.crt, permissions: 644 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /var/lib/kubelet/ca.crt, permissions: 644 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /var/lib/kubelet/ca.crt, permissions: 644 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /var/lib/kubelet/ca.crt, permissions: 644 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected permissions
-
The Kubernetes Kubelet certificate authority must be owned by root (MEDIUM 242450)
-
File has expected owners
- aws
- details: fileName: /var/lib/kubelet/ca.crt, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /var/lib/kubelet/ca.crt, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /var/lib/kubelet/ca.crt, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /var/lib/kubelet/ca.crt, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected owners
-
The Kubernetes component PKI must be owned by root (MEDIUM 242451)
-
File has expected owners
- aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca/..2024_07_25_13_03_07.1368478840/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca/..2024_07_25_13_03_07.1368478840, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_03_32.2849634808/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_03_32.2849634808, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_02_10.2226241370/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_02_10.933493267/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_02_10.3965564115/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca/..2024_07_25_13_02_10.662489473/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_02_10.2581373418/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_02_10.978118440/bundle.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_02_10.2158392424/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_02_10.2581373418, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_02_10.2158392424, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_02_10.3965564115, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca/..2024_07_25_13_02_10.662489473, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_02_10.978118440, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_02_10.2226241370, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_02_10.933493267, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address5-24.pem, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address5-26.pem, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot details: fileName: /var/lib/kubelet/pki, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-02.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-00.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot details: fileName: /var/lib/kubelet/pki, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address3-43.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address3-45.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot details: fileName: /var/lib/kubelet/pki, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_02_16.1569774485/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_02_16.1569774485, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803, ownerUser: 0, ownerGroup: 0 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca/..2024_07_25_13_01_59.991544212/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca/..2024_07_25_13_01_59.991544212, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_00_42.2442118241/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_00_42.3330985798/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_00_42.3182125229/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca/..2024_07_25_13_00_42.3474913291/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_00_42.1762643519/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_00_42.1536609594/bundle.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/ca.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.key, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_00_42.232080975/bundle.crt, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_00_42.2442118241, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_00_42.3330985798, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_00_42.3182125229, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_00_42.1536609594, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_00_42.232080975, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca/..2024_07_25_13_00_42.3474913291, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_00_42.1762643519, ownerUser: 0, ownerGroup: 65532 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-55.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-53.pem, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot details: fileName: /var/lib/kubelet/pki, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115/ca.crt, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115, ownerUser: 0, ownerGroup: 0 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- aws
-
File has expected owners
-
The Kubernetes kubelet KubeConfig must have file permissions set to 644 or more restrictive (MEDIUM 242452)
-
File has expected permissions
- aws
- details: fileName: /var/lib/kubelet/kubeconfig-real, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- details: fileName: /var/lib/kubelet/config/kubelet, permissions: 644 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /var/lib/kubelet/kubeconfig-real, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- details: fileName: /var/lib/kubelet/config/kubelet, permissions: 644 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /var/lib/kubelet/kubeconfig-real, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- details: fileName: /var/lib/kubelet/config/kubelet, permissions: 644 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /var/lib/kubelet/kubeconfig-real, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- details: fileName: /var/lib/kubelet/config/kubelet, permissions: 644 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected permissions
-
The Kubernetes kubelet KubeConfig file must be owned by root (MEDIUM 242453)
-
File has expected owners
- aws
- details: fileName: /var/lib/kubelet/kubeconfig-real, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- details: fileName: /var/lib/kubelet/config/kubelet, ownerUser: 0, ownerGroup: 0 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- details: fileName: /var/lib/kubelet/kubeconfig-real, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- details: fileName: /var/lib/kubelet/config/kubelet, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- details: fileName: /var/lib/kubelet/kubeconfig-real, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- details: fileName: /var/lib/kubelet/config/kubelet, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- details: fileName: /var/lib/kubelet/kubeconfig-real, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- details: fileName: /var/lib/kubelet/config/kubelet, ownerUser: 0, ownerGroup: 0 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected owners
-
The Kubernetes etcd must have file permissions set to 644 or more restrictive (MEDIUM 242459)
-
File has expected permissions
- aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-fd95950b-9370-4572-949e-1b89bffc322c/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/safe_guard, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~csi/pv-shoot--garden--aws-ha-eu1-35612ac2-a2b9-4090-a96e-9769ae4951b1/mount/safe_guard, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~csi/pv-shoot--garden--az-ha-eu1-3c6cb2de-811b-4aba-a0cf-f1adf2e54dc7/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~csi/pv--e9f0c993-3a2f-4339-9fa0-3be12b6ba0ff/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-52fa48e7-f13b-4e8e-9c28-93e60a287d73/mount/safe_guard, permissions: 600 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/safe_guard, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/snap/db, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0.tmp, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/new.etcd/member/wal/0000000000000000-0000000000000000.wal, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~csi/pv-shoot--garden--cc-ha-eu1-41094dbc-7a38-4451-9f23-2f3a958aec41/mount/safe_guard, permissions: 600 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- aws
-
File has expected permissions
-
The Kubernetes admin.conf must have file permissions set to 644 or more restrictive (MEDIUM 242460)
-
File has expected permissions
- aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_03_32.2849634808/bundle.crt, permissions: 644 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.crt, permissions: 640 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.key, permissions: 640 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~configmap/kube-scheduler-config/..2024_07_25_13_03_32.3178977814/config.yaml, permissions: 644 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_32.4108013154/kubeconfig, permissions: 644 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_32.4108013154/token, permissions: 644 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_02_10.2226241370/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_02_10.933493267/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_02_10.3965564115/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/audit-policy-config/..2024_07_25_13_02_10.919451044/audit-policy.yaml, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_02_10.557863803/podsecurity.yaml, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_02_10.557863803/admission-configuration.yaml, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca/..2024_07_25_13_02_10.662489473/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-encryption-secret/..2024_07_25_13_02_10.226502613/encryption-configuration.yaml, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_02_10.2933211119/id_rsa, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_02_10.2581373418/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_02_10.978118440/bundle.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~configmap/egress-selection-config/..2024_07_25_13_02_10.2023717197/egress-selector-configuration.yaml, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/static-token/..2024_07_25_13_02_10.1624455993/static_tokens.csv, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/ca.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_02_10.2158392424/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca/..2024_07_25_13_03_07.1368478840/bundle.crt, permissions: 644 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_03_07.736850249/id_rsa, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_23.915608683/kubeconfig, permissions: 644 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_03_23.915608683/token, permissions: 644 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca/..2024_07_25_13_01_59.991544212/bundle.crt, permissions: 644 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_01_59.3581293990/id_rsa, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_03.3923270535/kubeconfig, permissions: 644 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_03.3923270535/token, permissions: 644 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_02_16.1569774485/bundle.crt, permissions: 644 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.crt, permissions: 640 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.key, permissions: 640 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~configmap/kube-scheduler-config/..2024_07_25_13_02_16.2132886517/config.yaml, permissions: 644 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_19.2500005201/token, permissions: 644 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/kubeconfig/..2024_07_25_13_02_19.2500005201/kubeconfig, permissions: 644 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_00_42.2442118241/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_00_42.3330985798/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_00_42.3182125229/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/audit-policy-config/..2024_07_25_13_00_42.2870882805/audit-policy.yaml, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_00_42.3675300062/podsecurity.yaml, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/admission-config/..2024_07_25_13_00_42.3675300062/admission-configuration.yaml, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca/..2024_07_25_13_00_42.3474913291/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-encryption-secret/..2024_07_25_13_00_42.531503639/encryption-configuration.yaml, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key/..2024_07_25_13_00_42.322496126/id_rsa, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_00_42.1762643519/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_00_42.1536609594/bundle.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~configmap/egress-selection-config/..2024_07_25_13_00_42.3637718223/egress-selector-configuration.yaml, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/static-token/..2024_07_25_13_00_42.2571933157/static_tokens.csv, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/ca.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_00_42.232080975/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- aws
-
File has expected permissions
-
The Kubernetes API Server audit logs must be enabled (MEDIUM 242461)
-
Option audit-policy-file set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option audit-policy-file set.
-
The Kubernetes PKI CRT must have file permissions set to 644 or more restrictive (MEDIUM 242466)
-
File has expected permissions
- aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca/..2024_07_25_13_03_07.1368478840/bundle.crt, permissions: 644 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_03_32.2849634808/bundle.crt, permissions: 644 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.crt, permissions: 640 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_02_10.2226241370/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_02_10.933493267/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_02_10.3965564115/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca/..2024_07_25_13_02_10.662489473/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_02_10.2581373418/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/ca.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.crt, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_02_10.2158392424/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address5-24.pem, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address5-26.pem, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/86529276-a42f-4936-b124-a9c8086e0817/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_05_26.2518867880/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-kkfk1-v1.28.10-jlnp7 namespace: kube-system
- azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-02.pem, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-00.pem, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/c67ede99-8319-4733-8147-b982a812c98b/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_15_47.153294224/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-g7p4p-v1.28.10-rd228 namespace: kube-system
- gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address3-43.pem, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address3-45.pem, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/9c47266d-9ffc-404b-8ebd-3b875deb4702/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_03_47.2022085892/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-bex82-v1.28.10-vdtfc namespace: kube-system
- openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca/..2024_07_25_13_01_59.991544212/bundle.crt, permissions: 644 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.crt, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~projected/client-ca/..2024_07_25_13_02_16.1569774485/bundle.crt, permissions: 644 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.crt, permissions: 640 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, permissions: 644 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, permissions: 644 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_00_42.2442118241/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_00_42.3330985798/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-front-proxy/..2024_07_25_13_00_42.3182125229/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca/..2024_07_25_13_00_42.3474913291/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-vpn/..2024_07_25_13_00_42.1762643519/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/ca.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.crt, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/ca-etcd/..2024_07_25_13_00_42.232080975/bundle.crt, permissions: 644 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-55.pem, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-53.pem, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot containerName: kube-proxy details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- cluster: shoot containerName: conntrack-fix details: fileName: /var/lib/kubelet/pods/3a896a5b-121e-4002-b774-32b920cf61b3/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_13_09_26.539881115/ca.crt, permissions: 644 kind: pod name: kube-proxy-worker-dqty2-v1.28.10-p2ssj namespace: kube-system
- aws
-
File has expected permissions
-
The Kubernetes PKI keys must have file permissions set to 600 or more restrictive (MEDIUM 242467)
-
File has expected permissions
- aws
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/b4ab7c5a-7f34-4a9f-9a1a-c458680774ae/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_03_32.95238055/tls.key, permissions: 640 kind: pod name: kube-scheduler-7578c654bc-hkrb6 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_03_07.2977859912/ca.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/server/..2024_07_25_13_03_07.2872104760/tls.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/17b59f93-1234-4095-b237-047f69079654/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_03_07.424642478/ca.key, permissions: 640 kind: pod name: kube-controller-manager-744589d556-krzm2 namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/server/..2024_07_25_13_02_10.141438377/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_02_10.978118440/bundle.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_02_10.874163962/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_02_10.3397907710/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_02_10.3506294053/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_02_10.3094998726/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/d1f9c1d3-278c-44c0-b023-2b465e7f7f07/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_02_10.3837573115/tls.key, permissions: 640 kind: pod name: kube-apiserver-76d9c64f5b-8s7gv namespace: shoot--diki-comp--aws
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address5-24.pem, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address5-26.pem, permissions: 600 kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-02.pem, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-00.pem, permissions: 600 kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- gcp
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address3-43.pem, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address3-45.pem, permissions: 600 kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-client/..2024_07_25_13_01_59.3068992271/ca.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/server/..2024_07_25_13_01_59.311037195/tls.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-controller-manager details: fileName: /var/lib/kubelet/pods/fe9a8ddb-08d1-4b46-8936-78de420b80f8/volumes/kubernetes.io~secret/ca-kubelet/..2024_07_25_13_01_59.1987301483/ca.key, permissions: 640 kind: pod name: kube-controller-manager-699b9d5ddc-9dmsx namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-scheduler details: fileName: /var/lib/kubelet/pods/dd1157b0-0692-44ba-9df2-607e31628d92/volumes/kubernetes.io~secret/kube-scheduler-server/..2024_07_25_13_02_16.3362231041/tls.key, permissions: 640 kind: pod name: kube-scheduler-754b48d9b7-wm2xh namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/server/..2024_07_25_13_00_42.1009608694/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/service-account-key-bundle/..2024_07_25_13_00_42.1536609594/bundle.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kube-aggregator/..2024_07_25_13_00_42.3154059943/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/kubelet-client/..2024_07_25_13_00_42.1321475187/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/http-proxy/..2024_07_25_13_00_42.2684688169/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/tls-sni-0/..2024_07_25_13_00_42.2482923120/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: kube-apiserver details: fileName: /var/lib/kubelet/pods/48589daa-0b30-4755-b4e2-f0f91db6f456/volumes/kubernetes.io~secret/etcd-client/..2024_07_25_13_00_42.2512843323/tls.key, permissions: 640 kind: pod name: kube-apiserver-7fb7b9b4cd-7tkz9 namespace: shoot--diki-comp--openstack
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-server-2024-0IP-Address4-55.pem, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- cluster: shoot details: fileName: /var/lib/kubelet/pki/kubelet-client-2024-0IP-Address4-53.pem, permissions: 600 kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- aws
-
File has expected permissions
-
Kubernetes Kubelet must not disable timeouts (MEDIUM 245541)
-
Option streamingConnectionIdleTimeout set to allowed value.
- aws
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- kind: node name: ip-IP-Address.eu-west-1.compute.internal
- azure
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xr5mw
- kind: node name: shoot--diki-comp--azure-worker-g7p4p-z3-78697-xxs7v
- gcp
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-9ks54
- kind: node name: shoot--diki-comp--gcp-worker-bex82-z1-7cf97-p9r2r
- openstack
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-7v2zs
- kind: node name: shoot--diki-comp--openstack-worker-dqty2-z1-65475-vw5jb
- aws
-
Option streamingConnectionIdleTimeout set to allowed value.
-
Kubernetes API Server must disable basic authentication to protect information in transit (HIGH 245542)
-
Option basic-auth-file has not been set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option basic-auth-file has not been set.
-
Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit (HIGH 245544)
-
Option kubelet-client-certificate set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option kubelet-client-key set.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
Option kubelet-client-certificate set.
-
Kubernetes must have a Pod Security Admission control file configured (HIGH 254800)
-
PodSecurity is properly configured
- aws
- kind: PodSecurityConfiguration
- azure
- kind: PodSecurityConfiguration
- gcp
- kind: PodSecurityConfiguration
- openstack
- kind: PodSecurityConfiguration
- aws
-
PodSecurity is properly configured
-
The Kubernetes Controller Manager must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242376)
-
🔵 Skipped
-
The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242380)
-
ETCD runs as a single instance, peer communication options are not used.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
ETCD runs as a single instance, peer communication options are not used.
-
The Kubernetes Scheduler must have secure binding (MEDIUM 242384)
-
The Kubernetes Scheduler runs in a container which already has limited access to network interfaces. In addition ingress traffic to the Kubernetes Scheduler is restricted via network policies, making an unintended exposure less likely.
- aws
- azure
- gcp
- openstack
- aws
-
The Kubernetes Scheduler runs in a container which already has limited access to network interfaces. In addition ingress traffic to the Kubernetes Scheduler is restricted via network policies, making an unintended exposure less likely.
-
The Kubernetes Controller Manager must have secure binding (MEDIUM 242385)
-
The Kubernetes Controller Manager runs in a container which already has limited access to network interfaces. In addition ingress traffic to the Kubernetes Controller Manager is restricted via network policies, making an unintended exposure less likely.
- aws
- azure
- gcp
- openstack
- aws
-
The Kubernetes Controller Manager runs in a container which already has limited access to network interfaces. In addition ingress traffic to the Kubernetes Controller Manager is restricted via network policies, making an unintended exposure less likely.
-
Kubernetes Kubectl cp command must give expected access and results (MEDIUM 242396)
-
"kubectl" is not installed into control plane pods or worker nodes and Gardener does not offer Kubernetes v1.12 or older.
- aws
- azure
- gcp
- openstack
- aws
-
"kubectl" is not installed into control plane pods or worker nodes and Gardener does not offer Kubernetes v1.12 or older.
-
Kubernetes DynamicAuditing must not be enabled (MEDIUM 242398)
-
Option feature-gates.DynamicAuditing removed in Kubernetes v1.19.
- aws
- azure
- gcp
- openstack
- aws
-
Option feature-gates.DynamicAuditing removed in Kubernetes v1.19.
-
Kubernetes DynamicKubeletConfig must not be enabled (MEDIUM 242399)
-
Option featureGates.DynamicKubeletConfig removed in Kubernetes v1.26.
- aws
- details: Used Kubernetes version 1.28.10.
- azure
- details: Used Kubernetes version 1.28.10.
- gcp
- details: Used Kubernetes version 1.28.10.
- openstack
- details: Used Kubernetes version 1.28.10.
- aws
-
Option featureGates.DynamicKubeletConfig removed in Kubernetes v1.26.
-
Kubernetes manifests must be owned by root (MEDIUM 242405)
-
Gardener does not deploy any control plane component as systemd processes or static pod.
- aws
- azure
- gcp
- openstack
- aws
-
Gardener does not deploy any control plane component as systemd processes or static pod.
-
The Kubernetes manifest files must have least privileges (MEDIUM 242408)
-
Gardener does not deploy any control plane component as systemd processes or static pod.
- aws
- azure
- gcp
- openstack
- aws
-
Gardener does not deploy any control plane component as systemd processes or static pod.
-
The Kubernetes API Server must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) (MEDIUM 242410)
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
- aws
- azure
- gcp
- openstack
- aws
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
-
The Kubernetes Scheduler must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) (MEDIUM 242411)
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
- aws
- azure
- gcp
- openstack
- aws
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
-
The Kubernetes Controllers must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) (MEDIUM 242412)
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
- aws
- azure
- gcp
- openstack
- aws
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
-
The Kubernetes etcd must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) (MEDIUM 242413)
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
- aws
- azure
- gcp
- openstack
- aws
-
Cannot be tested and should be enforced organizationally. Gardener uses a minimum of known and automatically opened/used/created ports/protocols/services (PPSM stands for Ports, Protocols, Service Management).
-
Kubernetes etcd must enable client authentication to secure service (MEDIUM 242426)
-
ETCD runs as a single instance, peer communication options are not used.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
ETCD runs as a single instance, peer communication options are not used.
-
Kubernetes etcd must have peer-cert-file set for secure communication (MEDIUM 242432)
-
ETCD runs as a single instance, peer communication options are not used.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
ETCD runs as a single instance, peer communication options are not used.
-
Kubernetes etcd must have a peer-key-file set for secure communication (MEDIUM 242433)
-
ETCD runs as a single instance, peer communication options are not used.
- aws
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--aws
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--aws
- azure
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--azure
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--azure
- gcp
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--gcp
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--gcp
- openstack
- kind: statefulSet name: etcd-main namespace: shoot--diki-comp--openstack
- kind: statefulSet name: etcd-events namespace: shoot--diki-comp--openstack
- aws
-
ETCD runs as a single instance, peer communication options are not used.
-
Kubernetes must have a pod security policy set (HIGH 242437)
-
PSPs are removed in K8s version 1.25.
- aws
- azure
- gcp
- openstack
- aws
-
PSPs are removed in K8s version 1.25.
-
Kubernetes must contain the latest updates as authorized by IAVMs, CTOs, DTMs, and STIGs (MEDIUM 242443)
-
Scanning/patching security vulnerabilities should be enforced organizationally. Security vulnerability scanning should be automated and maintainers should be informed automatically.
- aws
- azure
- gcp
- openstack
- aws
-
Scanning/patching security vulnerabilities should be enforced organizationally. Security vulnerability scanning should be automated and maintainers should be informed automatically.
-
Kubernetes component manifests must be owned by root (MEDIUM 242444)
-
Rule is duplicate of "242405"
- aws
- azure
- gcp
- openstack
- aws
-
Rule is duplicate of "242405"
-
Kubernetes kubeadm.conf must be owned by root(MEDIUM 242454)
-
Gardener does not use "kubeadm" and also does not store any "main config" anywhere in seed or shoot (flow/component logic built-in/in-code).
- aws
- azure
- gcp
- openstack
- aws
-
Gardener does not use "kubeadm" and also does not store any "main config" anywhere in seed or shoot (flow/component logic built-in/in-code).
-
Kubernetes kubeadm.conf must have file permissions set to 644 or more restrictive (MEDIUM 242455)
-
Gardener does not use "kubeadm" and also does not store any "main config" anywhere in seed or shoot (flow/component logic built-in/in-code).
- aws
- azure
- gcp
- openstack
- aws
-
Gardener does not use "kubeadm" and also does not store any "main config" anywhere in seed or shoot (flow/component logic built-in/in-code).
-
Kubernetes kubelet config must have file permissions set to 644 or more restrictive (MEDIUM 242456)
-
Rule is duplicate of "242452".
- aws
- azure
- gcp
- openstack
- aws
-
Rule is duplicate of "242452".
-
Kubernetes kubelet config must be owned by root (MEDIUM 242457)
-
Rule is duplicate of "242453".
- aws
- azure
- gcp
- openstack
- aws
-
Rule is duplicate of "242453".
-
Kubernetes API Server audit log path must be set (MEDIUM 242465)
-
Rule is duplicate of "242402"
- aws
- azure
- gcp
- openstack
- aws
-
Rule is duplicate of "242402"
-
Kubernetes must enable PodSecurity admission controller on static pods and Kubelets (HIGH 254801)
-
Option featureGates.PodSecurity was made GA in v1.25 and removed in v1.28.
- aws
- azure
- gcp
- openstack
- aws
-
Option featureGates.PodSecurity was made GA in v1.25 and removed in v1.28.
-
The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination (MEDIUM 242380)
-
🔵 Accepted
-
The Kubernetes API Server must have an audit log path set (MEDIUM 242402)
-
Gardener can integrate with different audit logging solutions
- aws
- azure
- gcp
- openstack
- aws
-
Gardener can integrate with different audit logging solutions
-
The Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event (MEDIUM 242403)
-
Gardener can integrate with different audit logging solutions
- aws
- azure
- gcp
- openstack
- aws
-
Gardener can integrate with different audit logging solutions
-
The Kubernetes cluster must use non-privileged host ports for user pods (MEDIUM 242414)
-
node local dns requires port 53 in order to operate properly
- aws
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-6kjdw namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-6kjdw namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-ws9mx namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-ws9mx namespace: kube-system
- azure
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-s2lvs namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-s2lvs namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-zs2sb namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-zs2sb namespace: kube-system
- gcp
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-cl4xr namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-cl4xr namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-kz9nr namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-kz9nr namespace: kube-system
- openstack
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-jdng7 namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-jdng7 namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-r8z88 namespace: kube-system
- cluster: shoot details: containerName: node-cache, port: 53 kind: pod name: node-local-dns-r8z88 namespace: kube-system
- aws
-
node local dns requires port 53 in order to operate properly
-
The Kubernetes API Server must be set to audit log max size (MEDIUM 242462)
-
Gardener can integrate with different audit logging solutions
- aws
- azure
- gcp
- openstack
- aws
-
Gardener can integrate with different audit logging solutions
-
The Kubernetes API Server must be set to audit log maximum backup (MEDIUM 242463)
-
Gardener can integrate with different audit logging solutions
- aws
- azure
- gcp
- openstack
- aws
-
Gardener can integrate with different audit logging solutions
-
The Kubernetes API Server audit log retention must be set (MEDIUM 242464)
-
Gardener can integrate with different audit logging solutions
- aws
- azure
- gcp
- openstack
- aws
-
Gardener can integrate with different audit logging solutions
-
Kubernetes API Server must disable token authentication to protect information in transit (HIGH 245543)
-
All defined tokens are accepted.
- aws
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--aws
- azure
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--azure
- gcp
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--gcp
- openstack
- kind: deployment name: kube-apiserver namespace: shoot--diki-comp--openstack
- aws
-
All defined tokens are accepted.
-
The Kubernetes API Server must have an audit log path set (MEDIUM 242402)
-
🟠 Warning
-
The Kubernetes component etcd must be owned by etcd (MEDIUM 242445)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- kind: referenceGroup name: etcd-events uid: f0537c21-2987-42a5-a15b-7cf16beff82f
- gcp
- kind: referenceGroup name: etcd-events uid: 223e03f1-a5ad-49da-b569-9e365eda153f
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes conf files must be owned by root (MEDIUM 242446)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- kind: referenceGroup name: kube-controller-manager-86f5fc4fc7 uid: 7fc87649-c1aa-4488-b276-446d96bc0e35
- kind: referenceGroup name: kube-scheduler-9df464f49 uid: ef24775f-39b0-451e-bcd8-e577b834455b
- kind: referenceGroup name: kube-apiserver-86b5d6dbc4 uid: 1edbd5e8-2dc0-4081-b956-ac2faa06d320
- gcp
- kind: referenceGroup name: kube-controller-manager-856b7c9889 uid: 60d0e948-ed0c-455a-8ce6-79099a09059d
- kind: referenceGroup name: kube-scheduler-5d4c7456bd uid: 1f098851-17d6-4bdd-b223-7ac36ff06508
- kind: referenceGroup name: kube-apiserver-6f5746f87 uid: 886baf48-5fcd-4a34-9d81-3c3445552745
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes component PKI must be owned by root (MEDIUM 242451)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- cluster: seed kind: referenceGroup name: etcd-events uid: f0537c21-2987-42a5-a15b-7cf16beff82f
- cluster: seed kind: referenceGroup name: kube-controller-manager-86f5fc4fc7 uid: 7fc87649-c1aa-4488-b276-446d96bc0e35
- cluster: seed kind: referenceGroup name: kube-scheduler-9df464f49 uid: ef24775f-39b0-451e-bcd8-e577b834455b
- cluster: seed kind: referenceGroup name: kube-apiserver-86b5d6dbc4 uid: 1edbd5e8-2dc0-4081-b956-ac2faa06d320
- gcp
- cluster: seed kind: referenceGroup name: etcd-events uid: 223e03f1-a5ad-49da-b569-9e365eda153f
- cluster: seed kind: referenceGroup name: kube-controller-manager-856b7c9889 uid: 60d0e948-ed0c-455a-8ce6-79099a09059d
- cluster: seed kind: referenceGroup name: kube-scheduler-5d4c7456bd uid: 1f098851-17d6-4bdd-b223-7ac36ff06508
- cluster: seed kind: referenceGroup name: kube-apiserver-6f5746f87 uid: 886baf48-5fcd-4a34-9d81-3c3445552745
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes etcd must have file permissions set to 644 or more restrictive (MEDIUM 242459)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- kind: referenceGroup name: etcd-events uid: f0537c21-2987-42a5-a15b-7cf16beff82f
- gcp
- kind: referenceGroup name: etcd-events uid: 223e03f1-a5ad-49da-b569-9e365eda153f
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes admin.conf must have file permissions set to 644 or more restrictive (MEDIUM 242460)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- kind: referenceGroup name: kube-controller-manager-86f5fc4fc7 uid: 7fc87649-c1aa-4488-b276-446d96bc0e35
- kind: referenceGroup name: kube-scheduler-9df464f49 uid: ef24775f-39b0-451e-bcd8-e577b834455b
- kind: referenceGroup name: kube-apiserver-86b5d6dbc4 uid: 1edbd5e8-2dc0-4081-b956-ac2faa06d320
- gcp
- kind: referenceGroup name: kube-controller-manager-856b7c9889 uid: 60d0e948-ed0c-455a-8ce6-79099a09059d
- kind: referenceGroup name: kube-scheduler-5d4c7456bd uid: 1f098851-17d6-4bdd-b223-7ac36ff06508
- kind: referenceGroup name: kube-apiserver-6f5746f87 uid: 886baf48-5fcd-4a34-9d81-3c3445552745
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes PKI CRT must have file permissions set to 644 or more restrictive (MEDIUM 242466)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- cluster: seed kind: referenceGroup name: kube-controller-manager-86f5fc4fc7 uid: 7fc87649-c1aa-4488-b276-446d96bc0e35
- cluster: seed kind: referenceGroup name: kube-scheduler-9df464f49 uid: ef24775f-39b0-451e-bcd8-e577b834455b
- cluster: seed kind: referenceGroup name: etcd-events uid: f0537c21-2987-42a5-a15b-7cf16beff82f
- cluster: seed kind: referenceGroup name: kube-apiserver-86b5d6dbc4 uid: 1edbd5e8-2dc0-4081-b956-ac2faa06d320
- gcp
- cluster: seed kind: referenceGroup name: etcd-events uid: 223e03f1-a5ad-49da-b569-9e365eda153f
- cluster: seed kind: referenceGroup name: kube-controller-manager-856b7c9889 uid: 60d0e948-ed0c-455a-8ce6-79099a09059d
- cluster: seed kind: referenceGroup name: kube-scheduler-5d4c7456bd uid: 1f098851-17d6-4bdd-b223-7ac36ff06508
- cluster: seed kind: referenceGroup name: kube-apiserver-6f5746f87 uid: 886baf48-5fcd-4a34-9d81-3c3445552745
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes PKI keys must have file permissions set to 600 or more restrictive (MEDIUM 242467)
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
- azure
- cluster: seed kind: referenceGroup name: etcd-events uid: f0537c21-2987-42a5-a15b-7cf16beff82f
- cluster: seed kind: referenceGroup name: kube-controller-manager-86f5fc4fc7 uid: 7fc87649-c1aa-4488-b276-446d96bc0e35
- cluster: seed kind: referenceGroup name: kube-scheduler-9df464f49 uid: ef24775f-39b0-451e-bcd8-e577b834455b
- cluster: seed kind: referenceGroup name: kube-apiserver-86b5d6dbc4 uid: 1edbd5e8-2dc0-4081-b956-ac2faa06d320
- gcp
- cluster: seed kind: referenceGroup name: etcd-events uid: 223e03f1-a5ad-49da-b569-9e365eda153f
- cluster: seed kind: referenceGroup name: kube-controller-manager-856b7c9889 uid: 60d0e948-ed0c-455a-8ce6-79099a09059d
- cluster: seed kind: referenceGroup name: kube-scheduler-5d4c7456bd uid: 1f098851-17d6-4bdd-b223-7ac36ff06508
- cluster: seed kind: referenceGroup name: kube-apiserver-6f5746f87 uid: 886baf48-5fcd-4a34-9d81-3c3445552745
- azure
-
Reference group cannot be tested since all pods of the group are scheduled on a fully allocated node.
-
The Kubernetes component etcd must be owned by etcd (MEDIUM 242445)
-
🔴 Failed
-
Secrets in Kubernetes must not be stored as environment variables (HIGH 242415)
-
Pod uses environment to inject secret.
- gcp
- cluster: seed details: containerName: backup-restore, variableName: GOOGLE_STORAGE_API_ENDPOINT, keyRef: storageAPIEndpoint kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- gcp
-
Pod uses environment to inject secret.
-
The Kubernetes etcd must have file permissions set to 644 or more restrictive (MEDIUM 242459)
-
File has too wide permissions
- aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/region, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/secretAccessKey, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/accessKeyID, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_34.1239384448/bucketName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_34.2074945830/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_34.1172303068/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_34.2099202019/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_31.3632059657/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_31.34789977/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_31.2250314724/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/bucketName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/storageAccount, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_30.69405982/storageKey, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_30.2940324903/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_30.20484171/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_30.1702802701/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_39.2305215472/serviceaccount.json, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_39.2305215472/bucketName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_39.3264256653/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_39.4173641049/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_39.72798489/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialSecret, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/authURL, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/bucketName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/domainName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/region, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/tenantName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialID, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/etcd-backup/..2024_07_25_12_59_27.2208747644/applicationCredentialName, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_27.791977657/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_27.2143070997/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_27.473498504/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~configmap/etcd-config-file/..2024_07_25_12_59_26.760285163/etcd.conf.yaml, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-ca-etcd/..2024_07_25_12_59_26.899830952/bundle.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/namespace, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/token, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~projected/kube-api-access-gardener/..2024_07_25_12_59_26.617148803/ca.crt, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- aws
-
File has too wide permissions
-
The Kubernetes PKI keys must have file permissions set to 600 or more restrictive (MEDIUM 242467)
-
File has too wide permissions
- aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_34.3978844949/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/a9d384ca-71b3-4ec6-af13-99948f8a9dc0/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_34.455155549/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_31.3506181544/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/58d543b1-6f99-461c-8865-c8e7f8304f2f/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_31.1102049637/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--aws
- azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_30.317963596/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/888beae6-bc5d-4b09-9a47-9743329c77fa/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_30.162676357/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--azure
- gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_39.2209850753/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/c96eb421-2e7e-4751-bca0-11fc953bbd03/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_39.1006602421/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--gcp
- openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_27.3616440099/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/5850d039-ffb6-4474-8fdc-52125f861755/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_27.933106860/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-main-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: etcd details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-server-tls/..2024_07_25_12_59_26.2941679320/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- cluster: seed containerName: backup-restore details: fileName: /var/lib/kubelet/pods/02a926bc-4903-4806-9e8a-43fc0553d701/volumes/kubernetes.io~secret/client-url-etcd-client-tls/..2024_07_25_12_59_26.199464106/tls.key, permissions: 644, expectedPermissionsMax: 640 kind: pod name: etcd-events-0 namespace: shoot--diki-comp--openstack
- aws
-
File has too wide permissions
-
Secrets in Kubernetes must not be stored as environment variables (HIGH 242415)
-
🟢 Passed
4 - Regional Restrictions
Shared Responsibility Model
Gardener, like most cloud providers’ Kubernetes offerings, is dedicated for a global setup. And just like how most cloud providers offer means to fulfil regional restrictions, Gardener also has some means built in for this purpose. Similarly, Gardener also follows a shared responsibility model where users are obliged to use the provided Gardener means in a way which results in compliance with regional restrictions.
Regions
Gardener users need to understand that Gardener is a generic tool and has no built-in knowledge about regions as geographical or political conglomerates. For Gardener, regions are only strings. To create regional restrictions is an obligation of all Gardener users who orchestrate existing Gardener functionality to reach evidence which can be audited later on.
Support for Regional Restrictions
Gardener offers functionality to support the most important kind of regional restrictions in its global setup:
- No Restriction: All seeds in all regions can be allowed to host the control plane of all shoots.
- Restriction by Dedication: Shoots running in a region can be configured so that only dedicated seeds in dedicated regions are allowed to host the shoot’s control plane. This can be achieved by adding labels to a seed and subsequently restricting shoot control plane placement to appropriately labeled seeds by using the field
spec.seedSelector
(example). - Restriction by Tainting: Some seeds running in some dedicated regions are not allowed to host the control plane of any shoots unless explicitly allowed. This can be achieved by tainting seeds appropriately (example) which in turn requires explicit tolerations if a shoot’s control plane should be placed on such tainted seeds (example).