The Kubernetes CIS Benchmark is a set of best practices for securing a Kubernetes cluster that is published by the Center for Internet Security (CIS). The CIS Benchmark is a valuable resource for securing and hardening a cluster and serves as a great starting point for assessing the security of a cluster. It provides secure configuration guidelines developed for Kubernetes and spans over 250 pages of details on how to secure Kubernetes deployments.
This lab focuses on the kube-bench application by Aqua Security. Kube-bench is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. In this lab, you will learn how to run CIS Kubernetes Benchmark tests with kube-bench and how to filter and remediate the findings.
Upon completion of this lab, you will be able to:
Familiarity with the following will be beneficial but is not required:
kubectl
output formatting
The following content can be used to fulfill the prerequisites:
June 26th, 2025 - Updated to run Kubernetes 1.33
July 10th, 2024 - Updated cluster to Kubernetes 1.30