The Kubernetes CIS Benchmark is a set of best practices for securing a Kubernetes cluster that is published by the Center for Internet Security (CIS). The CIS Benchmark is a valuable resource for securing and hardening a cluster and serves as a great starting point for assessing the security of a cluster. It provides secure configuration guidelines developed for Kubernetes and spans over 250 pages of details on how to secure Kubernetes deployments.
This lab focuses on the kube-bench application by Aqua Security. Kube-bench is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. You will learn how to run CIS Kubernetes Benchmark tests with kube-bench and filter/remediate findings in this lab.
Learning objectives
Upon completion of this lab, you will be able to:
- Use kube-bench to run CIS Kubernetes Benchmark tests on a cluster
- Use various flags to filter the tests and results of the tests
- Take steps to remediate a failed test
Intended audience
- Candidates for the Certified Kubernetes Security Specialist (CKS) exam
- DevOps Engineers
- Security Practitioners
Prerequisites
Familiarity with the following will be beneficial but is not required:
- Kubernetes Pods
- kubectl output formatting

Daniel is a Lab Operations Specialist with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.