CIS Kubernetes Benchmark v1.8.0

accepted CIS Kubernetes Benchmark v1.8.0 This benchmark provides prescriptive guidance for establishing a secure configuration posture for Kubernetes v1.28.0. This guide was tested against Kubernetes running on Linux. 1.8.0 CIS Kubernetes Benchmark Level 2 - Worker Node This profile contains configuration checks that align to the CIS Kubernetes Benchmark Level 2 for worker nodes. kube-bench Scan Result - Kubernetes worker node running K8s 1.28 root k8s-worker-01.example.com

192.168.2.102

k8s-worker-01.example.com 192.168.2.102 Kubernetes 1.28.0 worker

88.0

fail CIS-K8S-2.4.14

Check failed: control_plane_api_server_anonymous_auth

pass CIS-K8S-1.6.20

pass CIS-K8S-1.8.10

pass CIS-K8S-5.6.8

pass CIS-K8S-5.2.14

fail CIS-K8S-2.5.15

Check failed: control_plane_api_server_kubelet_certificate_authority

pass CIS-K8S-4.7.8

pass CIS-K8S-1.8.4

fail CIS-K8S-4.4.9

Check failed: control_plane_api_server_authorization_mode_rbac

pass CIS-K8S-1.2.18

pass CIS-K8S-4.1.5

pass CIS-K8S-5.2.14

pass CIS-K8S-1.9.3

pass CIS-K8S-1.3.3

pass CIS-K8S-1.1.12

fail CIS-K8S-5.7.14

Check failed: control_plane_api_server_admission_control_plugin_node_restriction

pass CIS-K8S-4.9.2

pass CIS-K8S-4.4.18

pass CIS-K8S-2.2.14

fail CIS-K8S-4.1.10

Check failed: control_plane_api_server_audit_log_path

pass CIS-K8S-1.1.14

pass CIS-K8S-5.9.4

pass CIS-K8S-1.6.19

fail CIS-K8S-3.5.6

Check failed: control_plane_api_server_request_timeout

pass CIS-K8S-1.7.16

pass CIS-K8S-1.6.10

pass CIS-K8S-3.9.10

pass CIS-K8S-1.2.18

pass CIS-K8S-5.6.3

pass CIS-K8S-3.4.19

pass CIS-K8S-1.6.3

pass CIS-K8S-3.2.4

pass CIS-K8S-4.2.19

pass CIS-K8S-2.1.16

pass CIS-K8S-4.9.16

pass CIS-K8S-4.6.18

pass CIS-K8S-3.9.8

pass CIS-K8S-1.4.1

pass CIS-K8S-4.5.1

pass CIS-K8S-3.8.4

pass CIS-K8S-5.3.16

fail CIS-K8S-2.8.6

Check failed: worker_node_kubelet_anonymous_auth

pass CIS-K8S-5.5.13

pass CIS-K8S-4.2.3

fail CIS-K8S-5.5.11

Check failed: worker_node_kubelet_read_only_port

pass CIS-K8S-3.8.5

pass CIS-K8S-4.9.14

pass CIS-K8S-3.1.6

pass CIS-K8S-2.8.11

pass CIS-K8S-3.8.20

pass CIS-K8S-2.6.4

pass CIS-K8S-3.2.2

fail CIS-K8S-5.8.13

Check failed: etcd_cert_file

pass CIS-K8S-5.3.5

fail CIS-K8S-1.8.13

Check failed: etcd_auto_tls

pass CIS-K8S-3.6.13

pass CIS-K8S-2.2.20

pass CIS-K8S-4.2.3

pass CIS-K8S-1.6.11

pass CIS-K8S-1.6.12

pass CIS-K8S-1.7.11