CIS Benchmark

https://www.cisecurity.org/benchmark/kubernetes

https://learn.microsoft.com/en-us/azure/aks/cis-kubernetes

kube-bench

https://github.com/aquasecurity/kube-bench

$ kubectl apply -f https://github.com/aquasecurity/kube-bench/blob/main/job.yaml
job.batch/kube-bench created

$ kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
kube-bench-j76s9   0/1     ContainerCreating   0          3s

# Wait for a few seconds for the job to complete
$ kubectl get pods
NAME                      READY   STATUS      RESTARTS   AGE
kube-bench-j76s9   0/1     Completed   0          11s

# The results are held in the pod's logs
kubectl logs kube-bench-j76s9
[INFO] 1 Master Node Security Configuration
[INFO] 1.1 API Server
...

CIS Benchmark

kube-bench

https://aquasecurity.github.io/trivy/v0.33/tutorials/kubernetes/cluster-scanning/