CIS Benchmark for Kubernetes is a guide that consists of secure configuration guidelines and best practices developed for Kubernetes.
This document describes how to run the benchmark on a Kubernetes cluster created using KubeOne and what results to expect.
Trivy is the tool used to run the benchmark.
Installation
To install Trivy, follow the instructions here.
Running the Benchmark
trivy k8s --compliance=k8s-cis-1.23 --report summary --timeout=1h --tolerations node-role.kubernetes.io/control-plane="":NoSchedule