Description
The Kubernetes CIS Benchmark is a set of best practices for securing a Kubernetes cluster that is published by the Center for Internet Security (CIS). The CIS Benchmark is a valuable resource for securing and hardening a cluster and serves as a great starting point for assessing the security of a cluster. It provides secure configuration guidelines developed for Kubernetes and spans over 250 pages of details on how to secure Kubernetes deployments.
This lab focuses on the kube-bench application by Aqua Security. Kube-bench is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. You will learn how to run CIS Kubernetes Benchmark tests with kube-bench and filter/remediate findings in this lab.
Learning objectives
Upon completion of this lab, you will be able to:
- Use kube-bench to run CIS Kubernetes Benchmark tests on a cluster
- Use various flags to filter the tests and results of the tests
- Take steps to remediate a failed test
Intended audience
- Candidates for the Certified Kubernetes Security Specialist (CKS) exam
- DevOps Engineers
- Security Practitioners
Prerequisites
Familiarity with the following will be beneficial but is not required:
- Kubernetes Pods
kubectloutput formatting
The following content can be used to fulfill the prerequisites:
Updates
July 10th, 2024 - Updated cluster to Kubernetes 1.30
Environment before
Environment after
About the author
Daniel is a Cloud Engineer with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.