Lab
A Cloud Guru

Strengthen Cluster Security with a CIS Kubernetes Benchmark

The CIS Kubernetes Benchmark is a useful tool for detcting potential security weakness in the configuration of your cluster. This lab will allow you to practice running the benchmark and addressing security concerns that it uncovers.

Try for free Contact sales

Path Info

Level

Advanced

Duration

30m

Published

May 19, 2021

Challenge

Run kube-bench and Obtain a CIS Benchmark Report
1. Run kube-bench for both the control plane and the worker.
2. Save the control plane results to /home/cloud_user/kube-bench-control.log.
3. Save the worker results to /home/cloud_user/kube-bench-worker.log.
Challenge

Turn Off Profiling for the API Server, Controller Manager, and Scheduler
Make changes to the cluster configuration to fix the following failed tests in the CIS Benchmark output for the control plane.
- 1.2.17
- 1.3.2
- 1.4.1
Challenge

Set kubelet authn/authz to Use Webhook Mode

Make changes to the cluster configuration to fix test 4.2.2 in the CIS Benchmark output for the worker.

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.