hands-on lab

Assess Kubernetes Cluster Security With Kube-Bench

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

The Kubernetes CIS Benchmark is a set of best practices for securing a Kubernetes cluster that is published by the Center for Internet Security (CIS). The CIS Benchmark is a valuable resource for securing and hardening a cluster and serves as a great starting point for assessing the security of a cluster. It provides secure configuration guidelines developed for Kubernetes and spans over 250 pages of details on how to secure Kubernetes deployments.

This lab focuses on the kube-bench application by Aqua Security. Kube-bench is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. You will learn how to run CIS Kubernetes Benchmark tests with kube-bench and filter/remediate findings in this lab.

Learning objectives

Upon completion of this lab, you will be able to:

  • Use kube-bench to run CIS Kubernetes Benchmark tests on a cluster
  • Use various flags to filter the tests and results of the tests
  • Take steps to remediate a failed test

Intended audience

  • Candidates for the Certified Kubernetes Security Specialist (CKS) exam
  • DevOps Engineers
  • Security Practitioners


Familiarity with the following will be beneficial but is not required:

  • Kubernetes Pods
  • kubectl output formatting

The following content can be used to fulfill the prerequisites:

Environment before
Environment after
About the author
Daniel Wood, opens in a new tab
Lab Operations Engineer

Daniel is a Cloud Engineer with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.

Covered topics
Lab steps
Connecting to the Kubernetes Cluster
Using Kube-Bench to Assess Cluster Security
Correct a Kube-Bench Check