In this Quickstart post, you’ll learn how to get Aqua Security Kube-Bench up and running.
Over the course of the past few weeks, I’ve been testing out and researching a ton of different Kubernetes security scanning tools, and kube-bench is definitely a great tool to get started with.
To run this test, two Ubuntu servers were configured. One Ubuntu server is the Control Plane and the other is the Worker Node.
You don’t need Kubeadm to run this. Really, all you need is a Kubernetes cluster running anywhere (even Minikube). If you have a Managed Kubernetes Service in the cloud, that would work as well.
If you want to test this out in Kubeadm, you can install Kubeadm from the instructions here: https://github.com/AdminTurnedDevOps/Kubernetes-Quickstart-Environments/tree/main/Bare-Metal/kubeadm.
Kubeadm was used for this test because it’s an environment that’s fully managed by the engineer, which means the results are a direct reflection of Kubernetes not being secure out of the box.
The installation process is straightforward and typically takes only a few commands. The exact steps depend on your Operating System. The example below is for Ubuntu.
First, download the package.
curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.6.10/kube-bench_0.6.10_linux_amd64.deb -o kube-bench_0.6.10_linux_amd64.deb
sudo apt install ./kube-bench_0.6.10_linux_amd64.deb -f
Now that kube-bench is installed, test it out in the terminal.
You don’t need to specify any flags or switches. You can simply run kube-bench and get an output for remediations.
When you run kube-bench, you’ll see a lot of output. To break it down at a high level, the output is:
- All tests run on the Control Plane for each Control Plane resource (Scheduler, etcd, Controller, API server).
- You’ll see remediations for other Controllers and Kubernetes resources like RBAC.
- All remediation recommendations including how to fix the problem, links to the fix, and the actual commands you need.
- What passed and what failed in the Control Plane.
With all of the output from the kube-bench command, you can make decisions and create remediation practices in your environment.
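One way to turn that output into a remediation worklist, as an added example that is not from the original post or the kube-bench project: the helper names are hypothetical, the report layout is assumed from kube-bench's plain-text output, and the sample report is constructed.

```bash
# Added example (hypothetical helper names). Assumed report layout:
# "[STATUS] <id> <description>" lines, then "== Remediations <target> ==".

# Constructed sample report, not real scan output.
kb_sample() {
cat <<'EOF'
[INFO] 1.1 Control Plane Node Configuration Files
[PASS] 1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)
[FAIL] 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
[WARN] 1.2.1 Ensure that the --anonymous-auth argument is set to false (Manual)
[FAIL] 1.2.6 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)

== Remediations master ==
1.1.12 On the etcd server node, find the data directory passed as --data-dir, then run:
chown etcd:etcd /var/lib/etcd

1.2.1 Edit the API server pod specification file and set --anonymous-auth=false.

1.2.6 Set up TLS between the apiserver and kubelets, then set --kubelet-certificate-authority.

== Summary master ==
1 checks PASS
2 checks FAIL
1 checks WARN
0 checks INFO
EOF
}

# IDs of failed checks, one per line (reads a report on stdin).
kb_failed_ids() { awk '/^\[FAIL\] / { print $2 }'; }

# Remediation text for failed checks only; WARN/manual items are skipped.
kb_fail_remediations() {
  awk '
    /^\[FAIL\] /        { failed[$2] = 1; next }   # remember failed IDs
    /^== Remediations / { in_rem = 1; next }
    /^== Summary /      { in_rem = 0; show = 0; next }
    in_rem && /^[0-9]+(\.[0-9]+)+ / { show = ($1 in failed) }  # new entry
    in_rem && show && NF { print }                 # entry line or its commands
  '
}

# CI gate: exit status 0 only when the report contains no [FAIL] line.
kb_gate() {
  n=$(awk '/^\[FAIL\] / { c++ } END { print c + 0 }')
  [ "$n" -eq 0 ]
}

kb_sample | kb_fail_remediations
```

Against a live node, pipe the real report in instead of the sample, for example `kube-bench | kb_fail_remediations`.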