#!/bin/bash
# remediation = none

mkdir -p "/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig"

cat << EOF > /etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig/openscap-kubeletconfig
{"kubeletconfig":{"enableServer":true,"staticPodPath":"/etc/kubernetes/manifests","syncFrequency":"1m0s","fileCheckFrequency":"20s","httpCheckFrequency":"20s","address":"0.0.0.0","port":10250,"tlsCipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"],"tlsMinVersion":"VersionTLS09","rotateCertificates":true,"serverTLSBootstrap":true,"authentication":{"x509":{"clientCAFile":"/etc/kubernetes/kubelet-ca.crt"},"webhook":{"enabled":true,"cacheTTL":"2m0s"},"anonymous":{"enabled":false}},"authorization":{"mode":"Webhook","webhook":{"cacheAuthorizedTTL":"5m0s","cacheUnauthorizedTTL":"30s"}},"registryPullQPS":5,"registryBurst":10,"eventRecordQPS":0,"eventBurst":10,"enableDebuggingHandlers":true,"healthzPort":10248,"healthzBindAddress":"127.0.0.1","oomScoreAdj":-999,"clusterDomain":"cluster.local","clusterDNS":["172.30.0.10"],"streamingConnectionIdleTimeout":"4h0m0s","nodeStatusUpdateFrequency":"10s","nodeStatusReportFrequency":"5m0s","nodeLeaseDurationSeconds":40,"imageMinimumGCAge":"2m0s","imageGCHighThresholdPercent":85,"imageGCLowThresholdPercent":80,"volumeStatsAggPeriod":"1m0s","systemCgroups":"/system.slice","cgroupRoot":"/","cgroupsPerQOS":true,"cgroupDriver":"systemd","cpuManagerPolicy":"none","cpuManagerReconcilePeriod":"10s","memoryManagerPolicy":"None","topologyManagerPolicy":"none","topologyManagerScope":"container","runtimeRequestTimeout":"2m0s","hairpinMode":"promiscuous-bridge","maxPods":250,"podPidsLimit":4096,"resolvConf":"/etc/resolv.conf","cpuCFSQuota":true,"cpuCFSQuotaPeriod":"100ms","nodeStatusMaxImages":50,"maxOpenFiles":1000000,"contentType":"application/vnd.kubernetes.protobuf","kubeAPIQPS":50,"kubeAPIBurst":100,"serializeImagePulls":false,"evictionPressureTransitionPeriod":"5m0s","enableControllerAttachDetach":true,"makeIPTablesUtilChains":true,"iptablesMasqueradeBit":14,"iptablesDropBit":15,"featureGates":{"APIPriorityAndFairness":true,"CSIMigrationAzureFile":false,"CSIMigrationvSphere":false,"DownwardAPIHugePages":true,"RotateKubeletServerCertificate":true},"failSwapOn":true,"memorySwap":{},"containerLogMaxSize":"50Mi","containerLogMaxFiles":5,"configMapAndSecretChangeDetectionStrategy":"Watch","systemReserved":{"cpu":"500m","ephemeral-storage":"1Gi","memory":"1Gi"},"enforceNodeAllocatable":["pods"],"volumePluginDir":"/etc/kubernetes/kubelet-plugins/volume/exec","providerID":"aws:///us-west-1b/i-0b15fe350572ea633","logging":{"format":"text","flushFrequency":5000000000,"verbosity":2,"options":{"json":{"infoBufferSize":"0"}}},"enableSystemLogHandler":true,"shutdownGracePeriod":"0s","shutdownGracePeriodCriticalPods":"0s","enableProfilingHandler":true,"enableDebugFlagsHandler":true,"seccompDefault":false,"memoryThrottlingFactor":0.8,"registerWithTaints":[{"key":"node-role.kubernetes.io/master","effect":"NoSchedule"}],"registerNode":true,"localStorageCapacityIsolation":true}}
EOF