VolumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet readOnly: true - name: etc-systemd mountPath: /etc/systemd readOnly: true - name: etc-kubernetes mountPath: /etc/kubernetes readOnly: true restartPolicy: Never volumes: - name: var-lib-kubelet hostPath: path: "/var/lib/kubelet" - name: etc-systemd hostPath: path: "/etc/systemd" - name: etc-kubernetes hostPath: path: "/etc/kubernetes"
# eks-kube-bench-job.yaml apiVersion: batch/v1 kind: Job metadata: name: kube-bench spec: template: spec: hostPID: true containers: - name: kube-bench image: aquasec/kube-bench:latest command: In this blog, we are going to run the kube-bench as a kubernetes job.
Cis benchmark for aws eks install#
We can install the kube-bench directly in the nodes as well. We will deploy the Kubernetes Job using the below YAML file. CIS Amazon EKS Benchmark v1.0.0 provides guidance for node security configurations for Kubernetes and aligns with CIS Kubernetes Benchmark. It works best when you want to understand whether your workloads and the worker nodes are appropriately set up to implement these guidelines. The managed Kubernetes clusters provide a level of CIS hardening already in place, and it delegates some settings to the user. The CIS Kubernetes Benchmark is scoped for implementations managing both the control plane, which includes etcd, API server, controller, scheduler, and the data plane, which is made up of one or more nodes or EC2 instances. Managed Kubernetes & CIS Amazon EKS Benchmark Each test is defined in the YAML and also supports JSON-format output that can be used to evolve along wiht Kubernetes and to integrate with automaton tools. It's written as a Go application and also distributed as a container. The kube-bench is an open-source tool that checks whether Kubernetes is deployed securely by running the CIS benchmark for Kubernetes checks. The CIS has published a benchmark for Kubernetes. The Center for Internet Security provides many guidelines and benchmark tests for best practices in securing your code.
0 kommentar(er)
