The CIS Benchmarks are essential for finding security issues in IT. CIS-CAT is a tool that can evaluate your systems and provide information on remediating security issues. For Kubernetes you must purchase CIS-CAT PRO.
However, there is an open-source alternative KUBE BENCH. There are various ways to run KUBE BENCH but the simplest is to download the package for your OS and run it in on your controlplane node.
Download the latest version:
Install the binaries:
Run the defined benchmarks, in our case cis-1.5:
The results will come out with a convenient colour scheme:
For each section a count of pass, warn, and fail is provided with a concrete actions to remediate the problems:
After taking the necessary corrective measures you can run the tests again.
Now your cluster is lean and mean, next step you need to back it up :)