Running kube-bench

kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

1. Master Node Security Configuration
   • API Server
   • Scheduler
   • Controller Manager
   • Configuration Files
   • etcd
   • General Security Primitives
   • PodSecurityPolicices
2. Workere Node Security Configuration
   • Kubelet
   • Configuration Files

How to run kube-bench

• We can run kube-bench by navigating to the cd /data/kube-bench

kubectl apply -f kube-bench-node.yaml

• Check the job status and get the pod name

kubectl get pods --selector job-name=kube-bench-node

• See the kube-bench node scan results by checking the stdout logs

kubectl logs <PODNAME>

Note: Here we are running only for the Kubernetes nodes as this cluster is managed by GCP. We can also run master checks by referring to https://github.com/aquasecurity/kube-bench