CIS Kubernetes Benchmark v1.8.0

accepted CIS Kubernetes Benchmark v1.8.0 This benchmark provides prescriptive guidance for establishing a secure configuration posture for Kubernetes v1.28.0. This guide was tested against Kubernetes running on Linux. 1.8.0 CIS Kubernetes Benchmark Level 2 - Worker Node This profile contains configuration checks that align to the CIS Kubernetes Benchmark Level 2 for worker nodes. kube-bench Scan Result - Kubernetes worker node running K8s 1.28 root k8s-worker-03.example.com

192.168.2.104

k8s-worker-03.example.com 192.168.2.104 Kubernetes 1.28.0 worker

90.0

pass CIS-K8S-5.5.11

pass CIS-K8S-1.5.8

pass CIS-K8S-2.8.6

pass CIS-K8S-4.8.13

pass CIS-K8S-3.1.18

pass CIS-K8S-3.2.13

pass CIS-K8S-5.9.2

pass CIS-K8S-5.9.17

pass CIS-K8S-2.4.7

pass CIS-K8S-1.5.17

pass CIS-K8S-5.3.16

pass CIS-K8S-5.6.5

pass CIS-K8S-3.6.9

pass CIS-K8S-4.9.4

pass CIS-K8S-5.9.9

fail CIS-K8S-1.6.20

Check failed: control_plane_api_server_admission_control_plugin_node_restriction

pass CIS-K8S-5.3.2

pass CIS-K8S-3.7.9

pass CIS-K8S-1.4.8

fail CIS-K8S-1.4.4

Check failed: control_plane_api_server_audit_log_path

pass CIS-K8S-4.5.16

pass CIS-K8S-4.2.10

pass CIS-K8S-3.1.14

pass CIS-K8S-5.5.2

pass CIS-K8S-4.9.7

fail CIS-K8S-3.8.2

Check failed: control_plane_api_server_service_account_key_file

pass CIS-K8S-1.1.7

fail CIS-K8S-5.6.2

Check failed: control_plane_api_server_tls_cert_file

pass CIS-K8S-2.2.15

pass CIS-K8S-4.3.11

pass CIS-K8S-4.3.4

pass CIS-K8S-5.3.1

pass CIS-K8S-5.4.17

pass CIS-K8S-5.2.1

pass CIS-K8S-5.8.1

fail CIS-K8S-2.2.20

Check failed: control_plane_controller_manager_profiling

fail CIS-K8S-5.7.7

Check failed: control_plane_controller_manager_use_service_account_credentials

pass CIS-K8S-3.6.17

pass CIS-K8S-2.5.14

fail CIS-K8S-2.5.2

Check failed: control_plane_controller_manager_feature_gates_rotate_kubelet_server_certificate

pass CIS-K8S-5.9.15

fail CIS-K8S-3.2.4

Check failed: worker_node_kubelet_anonymous_auth

pass CIS-K8S-4.7.11

pass CIS-K8S-3.5.13

pass CIS-K8S-1.2.11

pass CIS-K8S-4.6.10

pass CIS-K8S-3.8.9

pass CIS-K8S-3.8.8

pass CIS-K8S-1.3.12

pass CIS-K8S-4.2.11

pass CIS-K8S-5.3.5

pass CIS-K8S-5.8.17

pass CIS-K8S-3.7.5

pass CIS-K8S-5.3.7

pass CIS-K8S-4.9.17

pass CIS-K8S-2.1.17

pass CIS-K8S-4.6.16

pass CIS-K8S-5.9.1

pass CIS-K8S-2.6.18

fail CIS-K8S-1.1.12

Check failed: network_policy_enabled

pass CIS-K8S-4.4.13