CIS Benchmark for Kubernetes is a guide that consists of secure configuration guidelines and best practices developed for Kubernetes.
In this document, information how it can be run on a Kubernetes cluster created using KKP and what to expect as the result is described.
Please note: It is impossible to inspect the master nodes of managed clusters(KKP user clusters) since from within the cluster(kubeconfig) one does not have access to such nodes. So for KKP, we can only check the worker nodes.
Trivy is the tool used to run the benchmark.
To install trivy, follow the instructions here.
trivy k8s --compliance=k8s-cis-1.23 --report summary