CIS Benchmarking

CIS Benchmark for Kubernetes is a guide that consists of secure configuration guidelines and best practices developed for Kubernetes.

In this document, information how it can be run on a Kubernetes cluster created using KubeOne and what to expect as the result is described.

Tooling

Trivy is the tool used to run the benchmark.

Installation

To install trivy, follow the instructions here.

Running the Benchmark

trivy k8s --compliance=k8s-cis-1.23 --report summary --timeout=1h --tolerations node-role.kubernetes.io/control-plane="":NoSchedule

Table of Content

• Benchmark on Kubernetes 1.33 with KubeOne 1.11.2
• Benchmark on Kubernetes 1.27 with KubeOne 1.7.3
• Benchmark on Kubernetes 1.29 with KubeOne 1.8.0