This lab guides the student through the creation of a Kubernetes cluster using the kops installer. After the cluster is initialized, the Aquasec kube-bench utility is used to evaluate the master node configuration against the CIS Benchmark. Then, three failed tests are remediated by manually updating the kube-apiserver manifest.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Use kops to Create the Cluster
- Run the provided k8s script and create the Kubernetes cluster.
Validate the cluster.
Note: This will take some time to come up. Give this step 5 to 10 minutes to complete.
- Retrieve a Connect String from Amazon AWS and Connect to the Master Node
Use the Amazon AWS Console and retrieve a connect string for the master node. Then use ssh to connect to the master node.
Note: You can get the connection information from the output provided when you create the cluster.
- Run the AquaSec kube-bench Utility on the Master Node
- Using Docker, pull down the latest kube-bench image.
- Execute a kube-bench run against the master node and output the results to a file.
- Remediate Failed Tests 1.1.2, 1.1.5, and 1.1.6
- Use the process status command to look at the current apiserver arguments.
- Use the vi editor as superuser to edit the kube-apiserver manifest.
- Make the edits recommended by the remediation text in the kube-bench report.
- Rerun the kube-bench report after the API server has restarted.
- Compare the old and new reports using the Linux diff command.
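
A plain diff of the two reports shows every changed line. The script below is an added example, not part of the lab's own material, that narrows the comparison to the three remediated checks and fails unless each one now passes. It assumes plain-text reports whose result lines look like `[FAIL] 1.1.2 <description>`; the file names, function names and sample report content are constructed.

```shell
#!/bin/sh
# Added example. Assumes plain-text kube-bench reports whose result lines look
# like "[FAIL] 1.1.2 <description>"; file names and sample content are constructed.

# check_status REPORT ID: print PASS, FAIL, WARN or INFO for that check,
# or MISSING if the report has no result line for it.
check_status() {
    awk -v id="$2" '
        ($2 "") == (id "") && $1 ~ /^\[(PASS|FAIL|WARN|INFO)\]$/ {
            print substr($1, 2, length($1) - 2); found = 1; exit
        }
        END { if (!found) print "MISSING" }
    ' "$1"
}

# remediation_summary OLD NEW ID...: print "ID before -> after" per check and
# return non-zero unless every listed check is PASS in the new report.
remediation_summary() {
    old=$1; new=$2; shift 2
    rc=0
    for id in "$@"; do
        before=$(check_status "$old" "$id")
        after=$(check_status "$new" "$id")
        printf '%s %s -> %s\n' "$id" "$before" "$after"
        [ "$after" = "PASS" ] || rc=1
    done
    return "$rc"
}

# make_sample_reports DIR: write two constructed reports (before and after the edit).
# The last line of before.txt mimics a remediation entry, which must not count as a result.
make_sample_reports() {
    cat > "$1/before.txt" <<'EOF'
[INFO] 1.1 API Server
[PASS] 1.1.1 constructed description
[FAIL] 1.1.2 constructed description
[FAIL] 1.1.5 constructed description
[FAIL] 1.1.6 constructed description
1.1.2 constructed remediation text
EOF
    sed -e 's/^\[FAIL\] /[PASS] /' -e '/^1\.1\.2 /d' "$1/before.txt" > "$1/after.txt"
}

demo_dir=$(mktemp -d)
make_sample_reports "$demo_dir"
remediation_summary "$demo_dir/before.txt" "$demo_dir/after.txt" 1.1.2 1.1.5 1.1.6
rm -rf "$demo_dir"
```

A `MISSING` result for a check in the new report usually means the rerun did not complete or the report format differs from the assumed one, so treat it as a failure rather than a pass.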