apiVersion: compliance.openshift.io/v1alpha1 kind: TailoredProfile metadata: name: ocp4-cis-lab annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: "1" spec: extends: ocp4-cis description: Lab CIS profile title: Lab CIS profile disableRules: - name: ocp4-api-server-encryption-provider-cipher rationale: Using letsencrypt certificates, not applicable - name: ocp4-audit-log-forwarding-enabled rationale: Homelab so no log forwarding available - name: ocp4-scc-limit-container-allowed-capabilities rationale: Some containers require extra privileges - name: ocp4-configure-network-policies-namespaces rationale: Home lab supports ad-hoc demos - name: ocp4-api-server-audit-log-maxsize rationale: Home lab, no need for auditing - name: ocp4-ocp-api-server-audit-log-maxsize rationale: Home lab, no need for auditing - name: ocp4-audit-profile-set rationale: Home lab, default auditing is sufficient - name: ocp4-ocp-allowed-registries rationale: Home lab, open registries is fine - name: ocp4-ocp-allowed-registries-for-import rationale: Home lab, open registries is fine - name: ocp4-api-server-api-priority-gate-enabled rationale: Need to understand mis-behaving clients in Home lab - name: ocp4-kubelet-configure-tls-cipher-suites-ingresscontroller rationale: Home lab - name: ocp4-api-server-tls-cipher-suites rationale: Home lab - name: ocp4-kubelet-configure-tls-cipher-suites rationale: Home lab