CIS Benchmark for Kubernetes is a guide that consists of secure configuration guidelines and best practices developed for Kubernetes.
In this document, information how it can be run on a Kubernetes cluster created using KubeOne and what to expect as the result is described.
Trivy is the tool used to run the benchmark.
To install trivy, follow the instructions here.
trivy k8s --compliance=k8s-cis-1.23 --report summary --timeout=1h --tolerations node-role.kubernetes.io/control-plane="":NoSchedule