{{{ oval_metadata("The etcd CA should be different from the Kubernetes CA.", rule_title=rule_title) }}} var_etcd_ca_file_hash ^/etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-(serving-ca|all-bundles)/(server-)?ca-bundle.crt$ SHA-256 /etc/kubernetes/static-pod-resources/kube-apiserver-certs/configmaps/client-ca/ca-bundle.crt SHA-256