Strengthen Cluster Security with a CIS Kubernetes Benchmark

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

The CIS Kubernetes Benchmark is a useful tool for detcting potential security weakness in the configuration of your cluster. This lab will allow you to practice running the benchmark and addressing security concerns that it uncovers.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Run kube-bench and Obtain a CIS Benchmark Report
  1. Run kube-bench for both the control plane and the worker.

  2. Save the control plane results to /home/cloud_user/kube-bench-control.log.

  3. Save the worker results to /home/cloud_user/kube-bench-worker.log.

Turn Off Profiling for the API Server, Controller Manager, and Scheduler

Make changes to the cluster configuration to fix the following failed tests in the CIS Benchmark output for the control plane.

  • 1.2.18
  • 1.3.2
  • 1.4.1
Set kubelet authn/authz to Use Webhook Mode

Make changes to the cluster configuration to fix test 4.2.2 in the CIS Benchmark output for the worker.

Additional Resources

Your company, SecuriCorp, is using Kubernetes to run a variety of applications. Recently, hackers have been trying various techniques to break into the Kubernetes cluster and steal data.

You have been asked to strengthen the security of the cluster. Run a CIS Kubernetes Benchmark evaluation using kube-bench and address some of the cluster security issues.

Sidenote: In your own environments, you can install kube-bench via these instructions:

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?