CIS Kubernetes Benchmark v1.8.0

accepted CIS Kubernetes Benchmark v1.8.0 This benchmark provides prescriptive guidance for establishing a secure configuration posture for Kubernetes v1.28.0. This guide was tested against Kubernetes running on Linux. 1.8.0 CIS Kubernetes Benchmark Level 2 - Worker Node This profile contains configuration checks that align to the CIS Kubernetes Benchmark Level 2 for worker nodes. kube-bench Scan Result - Kubernetes worker node running K8s 1.28 root k8s-worker-02.example.com

192.168.2.103

k8s-worker-02.example.com 192.168.2.103 Kubernetes 1.28.0 worker

85.0

pass CIS-K8S-3.5.11

pass CIS-K8S-5.5.5

fail CIS-K8S-2.5.15

Check failed: control_plane_api_server_token_auth

pass CIS-K8S-3.5.4

pass CIS-K8S-2.6.3

pass CIS-K8S-1.8.14

pass CIS-K8S-5.4.7

pass CIS-K8S-3.5.8

pass CIS-K8S-3.6.9

fail CIS-K8S-2.8.2

Check failed: control_plane_api_server_admission_control_plugin_always_admit

pass CIS-K8S-3.5.7

fail CIS-K8S-3.3.20

Check failed: control_plane_api_server_admission_control_plugin_security_context_deny

fail CIS-K8S-4.5.20

Check failed: control_plane_api_server_admission_control_plugin_service_account

pass CIS-K8S-2.7.10

fail CIS-K8S-1.7.19

Check failed: control_plane_api_server_admission_control_plugin_pod_security_policy

pass CIS-K8S-2.9.6

pass CIS-K8S-1.2.4

pass CIS-K8S-2.3.5

pass CIS-K8S-1.1.19

fail CIS-K8S-5.6.20

Check failed: control_plane_api_server_audit_log_path

pass CIS-K8S-1.7.18

fail CIS-K8S-4.6.2

Check failed: control_plane_api_server_audit_log_maxbackup

pass CIS-K8S-5.1.10

pass CIS-K8S-2.3.14

pass CIS-K8S-2.1.14

pass CIS-K8S-1.6.14

pass CIS-K8S-1.9.5

fail CIS-K8S-4.3.12

Check failed: control_plane_api_server_tls_cert_file

fail CIS-K8S-5.7.10

Check failed: control_plane_api_server_client_ca_file

pass CIS-K8S-3.6.16

pass CIS-K8S-4.3.5

pass CIS-K8S-5.8.12

pass CIS-K8S-1.5.8

pass CIS-K8S-4.1.1

pass CIS-K8S-4.2.16

pass CIS-K8S-3.9.11

pass CIS-K8S-2.5.2

fail CIS-K8S-2.1.12

Check failed: control_plane_controller_manager_service_account_private_key_file

pass CIS-K8S-1.4.2

pass CIS-K8S-1.6.18

pass CIS-K8S-5.6.11

fail CIS-K8S-4.4.20

Check failed: worker_node_kubelet_anonymous_auth

pass CIS-K8S-5.5.19

pass CIS-K8S-1.1.18

pass CIS-K8S-3.6.19

fail CIS-K8S-5.3.12

Check failed: worker_node_kubelet_streaming_connection_idle_timeout

pass CIS-K8S-3.4.18

pass CIS-K8S-5.2.16

pass CIS-K8S-5.4.16

pass CIS-K8S-3.7.9

pass CIS-K8S-3.7.17

pass CIS-K8S-4.1.16

pass CIS-K8S-1.2.20

pass CIS-K8S-3.5.17

pass CIS-K8S-5.7.2

pass CIS-K8S-3.1.5

pass CIS-K8S-2.3.15

pass CIS-K8S-2.7.4

pass CIS-K8S-5.3.12

pass CIS-K8S-5.4.1

pass CIS-K8S-1.9.8