Sonobuoy "bulkhead" plugin

This Sonobuoy plugin, bulkhead, performs automated CIS Benchmark assessments against your Kubernetes cluster master and worker nodes by using kube-bench, and outputs the results in the native kube-bench JSON format.

NOTE: This plugin was not officially created by either Heptio or Aqua Security. It is also in the very early stages.

Quick usage

  1. Edit the Makefile to use your container registry
  2. Run make && make push to build and push your image
  3. Modify examples/benchmark.yml to change your image location
  4. Run kubectl create -f examples/benchmark.yml to install Sonobuoy with this plugin enabled/running.
  5. When the scan(s) are complete, collect the results: kubectl cp heptio-sonobuoy/sonobuoy:/tmp/sonobuoy ./results --namespace=heptio-sonobuoy
  6. View the results: cd results && tar -zxvf *.tar.gz && cd plugins/bulkhead
  7. Clean up: kubectl delete -f examples/benchmark.yml (This removes all scan data, too)
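One way to triage the extracted results from step 6, as an added example that is not part of this repository: it walks the results directory and lists every check marked FAIL. The field names (node_type, tests, results, test_number, test_desc, status) and the optional top-level Controls wrapper are assumptions about kube-bench's JSON output, and because the file layout under plugins/bulkhead is not described here, it scans for any *.json file.

```python
import json
import sys
from pathlib import Path

# Constructed sample in the assumed kube-bench shape, not real scan output.
SAMPLE = {"node_type": "master", "tests": [{"section": "1.1", "results": [
    {"test_number": "1.1.1", "test_desc": "constructed check A", "status": "PASS"},
    {"test_number": "1.1.2", "test_desc": "constructed check B", "status": "FAIL"},
]}]}

def as_list(value):
    return value if isinstance(value, list) else []

def iter_controls(doc):
    # Assumption: one control group, a list of them, or a top-level "Controls" list.
    if isinstance(doc, dict) and isinstance(doc.get("Controls"), list):
        doc = doc["Controls"]
    for control in doc if isinstance(doc, list) else [doc]:
        if isinstance(control, dict):
            yield control

def failed_checks(doc):
    """Return (node_type, test_number, test_desc) for every FAIL result."""
    out = []
    for control in iter_controls(doc):
        for group in as_list(control.get("tests")):
            results = as_list(group.get("results")) if isinstance(group, dict) else []
            for check in results:
                if isinstance(check, dict) and check.get("status") == "FAIL":
                    out.append((control.get("node_type", "unknown"),
                                check.get("test_number"), check.get("test_desc")))
    return out

def scan_results(root):
    """Map each JSON file under root to its failed checks; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or not JSON, so not a result file
        if fails := failed_checks(doc):
            report[str(path)] = fails
    return report

if __name__ == "__main__":
    found = scan_results(sys.argv[1]) if sys.argv[1:] else {"SAMPLE": failed_checks(SAMPLE)}
    for path, fails in found.items():
        for node, number, desc in fails:
            print(f"{path}\t{node}\t{number}\t{desc}")
```

Pass the extracted results directory as the only argument; with no argument the script runs on the constructed sample.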

TODO

  • Work on a Sonobuoy results parser