Make Sure Your Kasten Cluster is secure with KUBE BENCH


Userlevel 7
Badge +6

The CIS Benchmarks are essential for finding security issues in IT. CIS-CAT is a tool that can evaluate your systems and provide information on remediating security issues. For Kubernetes you must purchase CIS-CAT PRO.

However, there is an open-source alternative KUBE BENCH. There are various ways to run KUBE BENCH but the simplest is to download the package for your OS and run it in on your controlplane node.

https://github.com/aquasecurity/kube-bench#running-in-a-kubernetes-cluster

 

Download the latest version:

Install the binaries:

 

Run the defined benchmarks, in our case cis-1.5:

 

The results will come out with a convenient colour scheme:

 

 

For each section a count of pass, warn, and fail is provided with a concrete actions to remediate the problems:

 

After taking the necessary corrective measures you can run the tests again.

Now your cluster is lean and mean, next step you need to back it up :)


6 comments

Userlevel 7
Badge +5

Time to get in to Kubernetes. So much to learn. 

Userlevel 7
Badge +3

@Geoff Burke thx for sharing, also for me, a lot to learn about Kubernetes.

Userlevel 6
Badge +1

thx for sharing

Userlevel 7
Badge +3

Lot of learning here, thanks for sharing @Geoff Burke 

Userlevel 7
Badge +2

Time to re-learn as it’s been almost 2yrs since I went through a Pluralsight course. So much I’m sure has changed!

Userlevel 7
Badge +3

@Geoff Burke : More to learn on Kubernetes :) 

Comment