
CIS K8s boolean cli arguments rules perform case sensitive check

Open moukoublen opened this issue 1 year ago • 0 comments

Describe the bug

CIS K8s rules:

  • 1.2.18: Verify that the --profiling argument is set to false for kube-apiserver.
  • 1.3.2: Verify that the --profiling argument is set to false for kube-controller-manager.
  • 1.4.1: Verify that the --profiling argument is set to false for kube-scheduler.
  • 2.2: Verify that the --client-cert-auth argument is set to true for etcd.

evaluate to fail when the boolean values are True/False.

Preconditions

A k8s cluster in which the mentioned arguments in the control plane have been updated to have True/False values. Config files:

  • /etc/kubernetes/manifests/kube-apiserver.yaml
  • /etc/kubernetes/manifests/kube-controller-manager.yaml
  • /etc/kubernetes/manifests/kube-scheduler.yaml
  • /etc/kubernetes/manifests/etcd.yaml

To Reproduce

Write the exact actions one should perform in order to reproduce the bug. Steps to reproduce the behavior:

  1. Install kspm in this cluster

Expected behavior

Those rules should pass with boolean values in this format True/False.

Technically the cli boolean flag parsing happens with strconv.ParseBool in all cases.

strconv.ParseBool accepts these values:

  • "1", "t", "T", "true", "TRUE", "True" as true
  • "0", "f", "F", "false", "FALSE", "False" as false

moukoublen Mar 06 '24 09:03
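The mismatch reported above, as an added Go example that is not part of the original issue and is not cloudbeat's own rule code: a literal string comparison rejects `--profiling=False`, while a check that normalises the value with `strconv.ParseBool` accepts it. The helper names, the constructed command lists, and the handling of a bare flag and of repeated flags are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// flagValue returns the value of --name from a container command list, as found
// in a static pod manifest, and whether the flag is present.
// Assumptions: a bare "--name" means "true", and the last occurrence wins.
func flagValue(args []string, name string) (string, bool) {
	val, found := "", false
	for _, a := range args {
		if a == "--"+name {
			val, found = "true", true
		} else if strings.HasPrefix(a, "--"+name+"=") {
			val, found = strings.TrimPrefix(a, "--"+name+"="), true
		}
	}
	return val, found
}

// strictCheck reproduces the reported behaviour: a case-sensitive comparison
// against the literal "true" or "false".
func strictCheck(args []string, name string, want bool) bool {
	v, ok := flagValue(args, name)
	return ok && v == strconv.FormatBool(want)
}

// parsedCheck normalises the value with strconv.ParseBool before comparing,
// so every spelling ParseBool accepts is evaluated the same way.
func parsedCheck(args []string, name string, want bool) bool {
	v, ok := flagValue(args, name)
	if !ok {
		return false // flag not set at all: the rule requires an explicit value
	}
	b, err := strconv.ParseBool(v)
	return err == nil && b == want
}

func main() {
	// Constructed command lists, shaped like the manifests named in the issue.
	apiserver := []string{"kube-apiserver", "--profiling=False", "--secure-port=6443"}
	etcd := []string{"etcd", "--client-cert-auth=True"}
	fmt.Println("1.2.18 strict:", strictCheck(apiserver, "profiling", false),
		"parsed:", parsedCheck(apiserver, "profiling", false))
	fmt.Println("2.2    strict:", strictCheck(etcd, "client-cert-auth", true),
		"parsed:", parsedCheck(etcd, "client-cert-auth", true))
}
```

Spellings outside the `strconv.ParseBool` list, such as `fAlSe`, still fail `parsedCheck`.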