CIS Kubernetes V1.20 Benchmark V1.0.0 L2 Master

Details Apply Security Context to Your Pods and Containers Rationale: A security context defines the operating system security settings (uid,...

Details NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance. Supportive Information...

Details Configure Image Provenance for your deployment. Rationale: Kubernetes supports plugging in provenance rules to accept or reject the images...

Details Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you...

Details Use network policies to isolate traffic in your cluster network. Rationale: Running different applications on the same Kubernetes cluster...

Details Use a different certificate authority for etcd from the one used for Kubernetes. Rationale: etcd is a highly available...

Details Ensure that the audit policy created for the cluster covers key security concerns. Rationale: Security audit logs should cover...

Details Enable kubelet server certificate rotation on controller-manager. Rationale: RotateKubeletServerCertificate causes the kubelet to both request a serving certificate after...

Details Enable docker/default seccomp profile in your pod definitions. Rationale: Seccomp (secure computing mode) is used to restrict the set...

Details Do not generally permit containers with capabilities Rationale: Containers run with a default set of capabilities as assigned by...