Kubernetes CIS Benchmarks are the security configuration best practices that are accepted by industry experts. The CIS Benchmark guide can be downloaded as a PDF file from the Center for Internet Security (CIS) website at https://www.cisecurity.org/. kube-bench is an application that automates the checks documented in that guide.
In this section, we will cover the installation and use of the open source kube-bench tool to run Kubernetes CIS Benchmarks for security auditing of Kubernetes clusters.
For this recipe, we need to have a Kubernetes cluster ready and the Kubernetes command-line tool kubectl installed.
Clone the k8sdevopscookbook/src repository to your workstation to use the manifest files in the chapter9 directory, as follows:
$ git clone https://github.com/k8sdevopscookbook/src.git
$ cd src/chapter9/cis
Some of the tests target Kubernetes nodes and can only be executed on fully self-managed clusters where you have control over the...