The CIS Kubernetes Benchmark is a useful tool for detcting potential security weakness in the configuration of your cluster. This lab will allow you to practice running the benchmark and addressing security concerns that it uncovers.
Successfully complete this lab by achieving the following learning objectives:
- Run kube-bench and Obtain a CIS Benchmark Report
Run kube-bench for both the control plane and the worker.
Save the control plane results to
Save the worker results to
- Turn Off Profiling for the API Server, Controller Manager, and Scheduler
Make changes to the cluster configuration to fix the following failed tests in the CIS Benchmark output for the control plane.
- Set kubelet authn/authz to Use Webhook Mode
Make changes to the cluster configuration to fix test
4.2.2in the CIS Benchmark output for the worker.