mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-07-04 13:52:41 +00:00
Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides#hardening-guides-and-benchmark-versions, kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions.
updated documentation specific to added rancher platforms
This commit is contained in:
Kiran Bodipi
parent
d2f8a98feb
commit
b36129c9b9
@ -9,7 +9,7 @@ Most of our supported benchmarks are defined in one of the following:
|
|||||||
Some defined by other hardenening guides.
|
Some defined by other hardenening guides.
|
||||||
|
|
||||||
| Source | Kubernetes Benchmark | kube-bench config | Kubernetes versions |
|
| Source | Kubernetes Benchmark | kube-bench config | Kubernetes versions |
|
||||||
|------|-------------------------------------------------------------------------------------------------------------|--------------------------|---------------------|
|
|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------|---------------------|
|
||||||
| CIS | [1.5.1](https://workbench.cisecurity.org/benchmarks/4892) | cis-1.5 | 1.15 |
|
| CIS | [1.5.1](https://workbench.cisecurity.org/benchmarks/4892) | cis-1.5 | 1.15 |
|
||||||
| CIS | [1.6.0](https://workbench.cisecurity.org/benchmarks/4834) | cis-1.6 | 1.16-1.18 |
|
| CIS | [1.6.0](https://workbench.cisecurity.org/benchmarks/4834) | cis-1.6 | 1.16-1.18 |
|
||||||
| CIS | [1.20](https://workbench.cisecurity.org/benchmarks/6246) | cis-1.20 | 1.19-1.21 |
|
| CIS | [1.20](https://workbench.cisecurity.org/benchmarks/6246) | cis-1.20 | 1.19-1.21 |
|
||||||
@ -28,3 +28,6 @@ Some defined by other hardenening guides.
|
|||||||
| CIS | [1.6.0-k3s](https://docs.rancher.cn/docs/k3s/security/self-assessment/_index) | cis-1.6-k3s | k3s v1.16-v1.24 |
|
| CIS | [1.6.0-k3s](https://docs.rancher.cn/docs/k3s/security/self-assessment/_index) | cis-1.6-k3s | k3s v1.16-v1.24 |
|
||||||
| DISA | [Kubernetes Ver 1, Rel 6](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R6_STIG.zip) | eks-stig-kubernetes-v1r6 | EKS |
|
| DISA | [Kubernetes Ver 1, Rel 6](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R6_STIG.zip) | eks-stig-kubernetes-v1r6 | EKS |
|
||||||
| CIS | [TKGI 1.2.53](https://network.pivotal.io/products/p-compliance-scanner#/releases/1248397) | tkgi-1.2.53 | vmware |
|
| CIS | [TKGI 1.2.53](https://network.pivotal.io/products/p-compliance-scanner#/releases/1248397) | tkgi-1.2.53 | vmware |
|
||||||
|
| CIS | [1.7.0-rke](https://ranchermanager.docs.rancher.com/v2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27) | rke-cis-1.7 | rke v1.25-v1.27 |
|
||||||
|
| CIS | [1.7.0-rke2](https://ranchermanager.docs.rancher.com/v2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27) | rke2-cis-1.6 | rke2 v1.25-v1.27 |
|
||||||
|
| CIS | [1.7.0-k3s](https://ranchermanager.docs.rancher.com/v2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27) | k3s-cis-1.7 | k3s v1.25-v1.27 |
|
||||||
|
|||||||
@ -192,3 +192,30 @@ To run the benchmark as a job in your VMware tkgi cluster apply the included `jo
|
|||||||
```
|
```
|
||||||
kubectl apply -f job-tkgi.yaml
|
kubectl apply -f job-tkgi.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Running in a Rancher RKE cluster
|
||||||
|
|
||||||
|
| CIS Benchmark | Targets |
|
||||||
|
|---------------|--------------------------------------------|
|
||||||
|
| rke-cis-1.7 | master, etcd, controlplane, node, policies |
|
||||||
|
|
||||||
|
kube-bench includes benchmarks for Rancher RKE platform.
|
||||||
|
To run this you will need to specify `--benchmark rke-cis-1.7` when you run the `kube-bench` command.
|
||||||
|
|
||||||
|
### Running in a Rancher RKE2 cluster
|
||||||
|
|
||||||
|
| CIS Benchmark | Targets |
|
||||||
|
|---------------|--------------------------------------------|
|
||||||
|
| rke2-cis-1.7 | master, etcd, controlplane, node, policies |
|
||||||
|
|
||||||
|
kube-bench includes benchmarks for Rancher RKE2 platform.
|
||||||
|
To run this you will need to specify `--benchmark rke2-cis-1.7` when you run the `kube-bench` command.
|
||||||
|
|
||||||
|
### Running in a Rancher K3s cluster
|
||||||
|
|
||||||
|
| CIS Benchmark | Targets |
|
||||||
|
|---------------|--------------------------------------------|
|
||||||
|
| k3s-cis-1.7 | master, etcd, controlplane, node, policies |
|
||||||
|
|
||||||
|
kube-bench includes benchmarks for Rancher K3S platform.
|
||||||
|
To run this you will need to specify `--benchmark k3s-cis-1.7` when you run the `kube-bench` command.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user