CIS Benchmarks

This plugin uses the kube-bench implementation of the CIS security benchmarks. It is technically two plugins: one to run the checks on the master nodes and another to run the checks on the worker nodes.

Usage

To run this plugin, run the following command:

sonobuoy run --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml

Assumptions

To run both plugins (with the command above) the following assumptions are made:

  • One or more master nodes (with the label node-role.kubernetes.io/master)
  • One or more worker nodes (without the master node label)
  • Using Kubernetes 1.13+
  • Sonobuoy 0.16.4 (relies on support for node affinity and the command above expects --plugin to take a URL)

If you want to run only one set of checks, specify only that plugin rather than both.
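
The following pre-flight check is an added example, not part of this repository: it tests the assumptions above against the current kubectl context and prints the sonobuoy command that matches the node roles it finds. The function names and the SONOBUOY_VERSION variable are hypothetical, and treating 1.13 and 0.16.4 as minimum versions is an assumption.

```sh
#!/bin/sh
# Added example (not from the sonobuoy-plugins repository): pre-flight check
# for the assumptions above. It prints the sonobuoy command; it does not run it.
BASE=https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks

# version_ge A B: succeed when dotted version A >= B. A leading "v" is
# dropped and suffixes such as "-gke.1" are ignored by awk's numeric conversion.
version_ge() {
    printf '%s %s\n' "$1" "$2" | awk '{
        sub(/^v/, "", $1); sub(/^v/, "", $2)
        split($1, a, "."); split($2, b, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 > b[i] + 0) exit 0
            if (a[i] + 0 < b[i] + 0) exit 1
        }
        exit 0
    }'
}

# count_nodes SELECTOR: number of nodes matching a label selector.
count_nodes() {
    kubectl get nodes -l "$1" --no-headers 2>/dev/null | wc -l | tr -d ' '
}

# plugin_args MASTERS WORKERS: --plugin arguments for the roles present.
plugin_args() {
    out=""
    if [ "$1" -gt 0 ]; then out="--plugin $BASE/kube-bench-master-plugin.yaml"; fi
    if [ "$2" -gt 0 ]; then out="${out:+$out }--plugin $BASE/kube-bench-plugin.yaml"; fi
    printf '%s\n' "$out"
}

preflight() {
    k8s=$(kubectl get --raw /version | sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')
    version_ge "$k8s" 1.13 || { echo "Kubernetes $k8s is older than 1.13" >&2; return 1; }
    # Assumption: the operator exports SONOBUOY_VERSION; the check is skipped if unset.
    if [ -n "${SONOBUOY_VERSION:-}" ] && ! version_ge "$SONOBUOY_VERSION" 0.16.4; then
        echo "Sonobuoy $SONOBUOY_VERSION is older than 0.16.4" >&2; return 1
    fi
    masters=$(count_nodes 'node-role.kubernetes.io/master')
    workers=$(count_nodes '!node-role.kubernetes.io/master')
    args=$(plugin_args "$masters" "$workers")
    [ -n "$args" ] || { echo "no nodes visible in this context" >&2; return 1; }
    echo "masters=$masters workers=$workers"
    echo "sonobuoy run $args"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Invoke the script with --run to perform the check. On a cluster where no node carries the master label, it prints a command with only the worker plugin.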

Customization

Although you can run the plugins by specifying the URL for the YAML in this repository, you can also download the YAML and modify it if you need a custom mount or would like to specify other options to the kube-bench application.
