Benchmarks
CIS Benchmarks
The Center for Internet Security (CIS) provides benchmarks for Kubernetes, among other platforms. These benchmarks are a set of best practices for securing Kubernetes clusters. They are available for free and can be downloaded from the CIS website.
CIS also provides a tool called CIS-CAT that can be used to assess the security of your Kubernetes cluster against the benchmarks. It generates an HTML report that shows the areas where your cluster is not compliant with the benchmarks.
kube-bench
kube-bench is a tool that can be used to run the CIS benchmarks on your Kubernetes cluster. It is an open-source project and is available on GitHub.
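
One way to turn a kube-bench run into a pass/fail gate, shown as an added example (not code from the kube-bench project). It assumes the report layout kube-bench emits with its `--json` option; the sample report, check numbers and the helper names `summarize` and `gate` are constructed for illustration.

```python
import json
from collections import Counter

# Constructed report in the shape kube-bench emits with --json (assumed schema).
# Check numbers and descriptions are placeholders, not real benchmark items.
SAMPLE_REPORT = json.dumps({"Controls": [
    {"id": "1", "node_type": "master", "tests": [{"section": "1.1", "results": [
        {"test_number": "1.1.1", "test_desc": "placeholder A", "status": "PASS", "scored": True},
        {"test_number": "1.1.10", "test_desc": "placeholder B", "status": "FAIL", "scored": True},
        {"test_number": "1.1.2", "test_desc": "placeholder C", "status": "WARN", "scored": False},
    ]}]},
    {"id": "4", "node_type": "node", "tests": [{"section": "4.1", "results": [
        {"test_number": "4.1.1", "test_desc": "placeholder D", "status": "FAIL", "scored": True},
        {"test_number": "4.1.2", "test_desc": "placeholder E", "status": "FAIL", "scored": False},
    ]}]},
]})


def iter_results(report):
    """Yield (node_type, result) for every check, tolerating missing keys."""
    # Accept either the {"Controls": [...]} wrapper or a bare list of controls.
    controls = report.get("Controls", []) if isinstance(report, dict) else report
    for control in controls:
        for group in control.get("tests", []):
            for result in group.get("results", []):
                yield control.get("node_type", "unknown"), result


def check_order(test_number):
    """Sort key so 1.1.2 sorts before 1.1.10; non-numeric parts sort last."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in test_number.split(".")]


def summarize(raw_json):
    """Return (status counts, scored FAIL checks as 'node_type test_number')."""
    counts, failed = Counter(), []
    for node_type, result in iter_results(json.loads(raw_json)):
        status = result.get("status", "UNKNOWN")
        counts[status] += 1
        # Unscored checks are counted but do not fail the gate.
        if status == "FAIL" and result.get("scored", True):
            failed.append((result.get("test_number", "?"), node_type))
    failed.sort(key=lambda item: check_order(item[0]))
    return counts, [f"{node} {num}" for num, node in failed]


def gate(raw_json, max_scored_failures=0):
    """True when the number of scored FAIL results is within the allowed budget."""
    return len(summarize(raw_json)[1]) <= max_scored_failures
```

Unscored failures and WARN results are counted but kept out of the gate, so they can be reviewed manually without blocking a pipeline.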