Benchmarks
CIS Benchmarks
References
- https://www.cisecurity.org/cis-benchmarks
- https://www.cisecurity.org/benchmark/kubernetes
The Center for Internet Security (CIS) publishes benchmarks for Kubernetes and other platforms. Each benchmark is a set of best practices for securing that platform, in this case Kubernetes clusters. The benchmarks are free and can be downloaded from the CIS website.
CIS also provides a tool called CIS-CAT that assesses the security of your Kubernetes cluster against the benchmarks. It generates an HTML report showing the areas where your cluster is not compliant with the benchmarks.
kube-bench
References
- https://github.com/aquasecurity/kube-bench
kube-bench is a tool that can be used to run the CIS benchmarks on your Kubernetes cluster. It is an open source project and is available on GitHub.