If you are preparing for CKS certification, running kube-bench from the command line is one of the important tasks.

Note: This method will only work if you have access to the control plane node.

If you are utilizing a managed Kubernetes service, you can run kube-bench as a pod, as explained in the following section.

Step 1: Log in to the control plane (master) node and create a kube-bench directory.

    sudo mkdir -p /opt/kube-bench

Step 2: Go to the kube-bench releases page and choose the latest Linux binary link.

Step 3: Untar the binary to the /opt/kube-bench folder.

    tar -xvf -C /opt/kube-bench

If you check the /opt/kube-bench directory, you will see the kube-bench executable and the cfg folder that contains the benchmark variations for different versions and for managed Kubernetes services (GKE, EKS, AKS, etc.), as shown in the following tree structure.

Step 4: Move the kube-bench executable to the /usr/local/bin directory, which is part of the system PATH.

    sudo mv /opt/kube-bench/kube-bench /usr/local/bin/

Now you can execute kube-bench from any system location.

Step 5: Let’s run the benchmark checks using the kube-bench executable.

We will be using the generic config.yaml to run the benchmarks using the following command.

    sudo kube-bench --config-dir /opt/kube-bench/cfg --config /opt/kube-bench/cfg/config.yaml

The above command runs the benchmark checks and prints the check results, remediations, and a summary, as shown below.

    1.1 Control Plane Node Configuration Files
    1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)
    1.1.2 Ensure that the API server pod specification file ownership is set to root:root (Automated)
    1.1.9 Run the below command (based on the file location on your system) on the control plane node.
    1.1.12 On the etcd server node, get the etcd data directory, passed as an argument --data-dir,

If you want the report in a separate file, you can redirect the output to a file as shown below.

    sudo kube-bench --config-dir /opt/kube-bench/cfg --config /opt/kube-bench/cfg/config.yaml > kube-bench.report

Installing Kube-bench From Package

You can also install and run kube-bench using Linux packages. On the releases page, you will find both. rpm packages.

For example, to install on Debian/Ubuntu systems, you can execute the following commands.

    curl -L -o b

After the installation, you can find the kube-bench cfg folder in the /etc/kube-bench/ directory.

Also, you can run the kube-bench checks without providing the config directory parameters as we did in the binary installation. By default, kube-bench refers to the /etc/kube-bench/cfg directory.

To run the checks execute the following command.
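Checks 1.1.1 and 1.1.2 in the sample report above test a file's mode ("644 or more restrictive") and its ownership (root:root). The script below is an added example, not code from the original page or from the kube-bench project, that performs the same two tests by hand so a failed check can be confirmed on the node. The function names and the manifest path in the usage comment are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: manual version of the mode and ownership tests behind
# checks 1.1.1 and 1.1.2. Function names are hypothetical.

# mode_within MODE MAX
# Succeeds when octal MODE sets no permission bit outside octal MAX,
# which is what "MAX or more restrictive" means (600 and 400 pass for 644).
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# audit_file PATH [MAX_MODE] [OWNER:GROUP]
# Prints one result line per test. Returns 0 if both pass, 1 if either
# fails, 2 if the file is missing. Runs in a subshell so variables stay local.
audit_file() (
    path=$1; max=${2:-644}; want=${3:-root:root}; rc=0
    [ -e "$path" ] || { echo "[WARN] $path not found"; exit 2; }

    mode=$(stat -c '%a' "$path")       # GNU stat: octal mode, e.g. 600
    owner=$(stat -c '%U:%G' "$path")   # GNU stat: user:group, e.g. root:root

    if mode_within "$mode" "$max"; then
        echo "[PASS] $path mode $mode is $max or more restrictive"
    else
        echo "[FAIL] $path mode $mode is looser than $max"
        rc=1
    fi

    if [ "$owner" = "$want" ]; then
        echo "[PASS] $path ownership is $owner"
    else
        echo "[FAIL] $path ownership is $owner, expected $want"
        rc=1
    fi
    exit "$rc"
)

# Usage on a control plane node (path is the usual kubeadm location, an
# assumption; adjust to your system):
#   sh audit.sh /etc/kubernetes/manifests/kube-apiserver.yaml
if [ $# -gt 0 ]; then
    audit_file "$@"
fi
```

A mode such as 664 fails even though it looks close to 644, because the group write bit is not part of 644.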