<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta name = "description" content = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark" >
< link rel = "canonical" href = "https://aquasecurity.github.io/kube-bench/dev/platforms/" >
< link rel = "icon" href = "../assets/images/favicon.png" >
< meta name = "generator" content = "mkdocs-1.2, mkdocs-material-7.1.7+insiders-2.9.2" >
< title > Platforms - Kube-bench< / title >
< link rel = "stylesheet" href = "../assets/stylesheets/main.92048cb8.min.css" >
< link rel = "stylesheet" href = "../assets/stylesheets/palette.73e53a79.min.css" >
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" >
< style > : root { --md-text-font-family : "Roboto" ; --md-code-font-family : "Roboto Mono" } < / style >
< / head >
< body dir = "ltr" data-md-color-scheme = "" data-md-color-primary = "none" data-md-color-accent = "none" >
< script > function _ _scope ( t , e = ".." ) { return new URL ( e , location ) . pathname + "." + t } function _ _get ( t , e = localStorage , n ) { return JSON . parse ( e . getItem ( _ _scope ( t , n ) ) ) } function _ _set ( t , e , n = localStorage , o ) { try { n . setItem ( _ _scope ( t , o ) , JSON . stringify ( e ) ) } catch ( t ) { } } < / script >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#cis-kubernetes-benchmark-support" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
< div data-md-component = "outdated" hidden >
< aside class = "md-banner md-banner--warning" >
< / aside >
< / div >
< header class = "md-header" data-md-component = "header" >
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = ".." title = "Kube-bench" class = "md-header__button md-logo" aria-label = "Kube-bench" data-md-component = "logo" >
< img src = "../images/kube-bench-logo-only.png" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg >
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
Kube-bench
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
Platforms
< / span >
< / div >
< / div >
< / div >
< label class = "md-header__button md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" name = "query" aria-label = "Search" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "search-query" required >
< label class = "md-search__icon md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg >
< / label >
< nav class = "md-search__options" aria-label = "Search" >
< button type = "reset" class = "md-search__icon md-icon" aria-label = "Clear" tabindex = "-1" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z" / > < / svg >
< / button >
< / nav >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "search-result" >
< div class = "md-search-result__meta" >
Initializing search
< / div >
< ol class = "md-search-result__list" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-header__source" >
< a href = "https://github.com/aquasecurity/kube-bench/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z" / > < / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< / nav >
< / header >
< div class = "md-container" data-md-component = "container" >
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = ".." title = "Kube-bench" class = "md-nav__button md-logo" aria-label = "Kube-bench" data-md-component = "logo" >
< img src = "../images/kube-bench-logo-only.png" alt = "logo" >
< / a >
Kube-bench
< / label >
< div class = "md-nav__source" >
< a href = "https://github.com/aquasecurity/kube-bench/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z" / > < / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = ".." class = "md-nav__link" >
Overview
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_2" type = "checkbox" id = "__nav_2" checked >
< label class = "md-nav__link" for = "__nav_2" >
Getting Started
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Getting Started" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_2" >
< span class = "md-nav__icon md-icon" > < / span >
Getting Started
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../installation/" class = "md-nav__link" >
Installation
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "toc" type = "checkbox" id = "__toc" >
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
Platforms
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< a href = "./" class = "md-nav__link md-nav__link--active" >
Platforms
< / a >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#cis-kubernetes-benchmark-support" class = "md-nav__link" >
CIS Kubernetes Benchmark support
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../running/" class = "md-nav__link" >
How to run
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../asff/" class = "md-nav__link" >
ASFF
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../flags-and-commands/" class = "md-nav__link" >
Flags
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_4" type = "checkbox" id = "__nav_4" >
< label class = "md-nav__link" for = "__nav_4" >
Configuration Options
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Configuration Options" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_4" >
< span class = "md-nav__icon md-icon" > < / span >
Configuration Options
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../controls/" class = "md-nav__link" >
Understanding the yamls
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../architecture/" class = "md-nav__link" >
Architecture
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../CONTRIBUTING.md" class = "md-nav__link" >
Contributing
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "sidebar" data-md-type = "toc" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#cis-kubernetes-benchmark-support" class = "md-nav__link" >
CIS Kubernetes Benchmark support
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< h1 > Platforms< / h1 >
< h2 id = "cis-kubernetes-benchmark-support" > CIS Kubernetes Benchmark support< / h2 >
< p > kube-bench supports running tests for Kubernetes.
Most of our supported benchmarks are defined in the < a href = "https://www.cisecurity.org/benchmark/kubernetes/" > CIS Kubernetes Benchmarks< / a > .
Some defined by other hardenening guides.< / p >
< table >
< thead >
< tr >
< th > Source< / th >
< th > Kubernetes Benchmark< / th >
< th > kube-bench config< / th >
< th > Kubernetes versions< / th >
< / tr >
< / thead >
< tbody >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/4892" > 1.5.1< / a > < / td >
< td > cis-1.5< / td >
< td > 1.15-< / td >
< / tr >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/4834" > 1.6.0< / a > < / td >
< td > cis-1.6< / td >
< td > 1.16-< / td >
< / tr >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/4536" > GKE 1.0.0< / a > < / td >
< td > gke-1.0< / td >
< td > GKE< / td >
< / tr >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/5190" > EKS 1.0.0< / a > < / td >
< td > eks-1.0< / td >
< td > EKS< / td >
< / tr >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/6467" > ACK 1.0.0< / a > < / td >
< td > ack-1.0< / td >
< td > ACK< / td >
< / tr >
< tr >
< td > RHEL< / td >
< td > RedHat OpenShift hardening guide< / td >
< td > rh-0.7< / td >
< td > OCP 3.10-3.11< / td >
< / tr >
< tr >
< td > CIS< / td >
< td > < a href = "https://workbench.cisecurity.org/benchmarks/6778" > OCP4 1.1.0< / a > < / td >
< td > rh-1.0< / td >
< td > OCP 4.1-< / td >
< / tr >
< / tbody >
< / table >
< / article >
< / div >
< / div >
< / main >
< footer class = "md-footer" >
< nav class = "md-footer__inner md-grid" aria-label = "Footer" >
< a href = "../installation/" class = "md-footer__link md-footer__link--prev" aria-label = "Previous: Installation" rel = "prev" >
< div class = "md-footer__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg >
< / div >
< div class = "md-footer__title" >
< div class = "md-ellipsis" >
< span class = "md-footer__direction" >
Previous
< / span >
Installation
< / div >
< / div >
< / a >
< a href = "../running/" class = "md-footer__link md-footer__link--next" aria-label = "Next: How to run" rel = "next" >
< div class = "md-footer__title" >
< div class = "md-ellipsis" >
< span class = "md-footer__direction" >
Next
< / span >
How to run
< / div >
< / div >
< div class = "md-footer__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg >
< / div >
< / a >
< / nav >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-footer-copyright" >
< / div >
< / div >
< / div >
< / footer >
< / div >
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
< script id = "__config" type = "application/json" > { "base" : ".." , "features" : [ ] , "translations" : { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" , "select.version.title" : "Select version" } , "search" : "../assets/javascripts/workers/search.df8cae7d.min.js" , "version" : { "method" : "mike" , "provider" : "mike" } } < / script >
< script src = "../assets/javascripts/bundle.82217815.min.js" > < / script >
< / body >
< / html >