
We should test security best practices in k8s

Open fforootd opened this issue 5 years ago • 3 comments

I think it would be best to remediate as much as possible in an automated manner. So we could run something like kube-bench in our test pipeline and then remediate most of the issues.

Target should be that the kubeadm deployment is hardened automatically without a lot of customization from customers.

@thesephirot @eliobischof @stebenz inputs?

fforootd avatar Jan 28 '20 21:01 fforootd

Test results from an existing cluster with orbiter version 0.12.5 can be found with the INTERNAL link below

https://drive.google.com/drive/folders/1Hs0BKqS0o4mEDWTYiFdtSxl1z0XheIaH

fforootd avatar Jan 28 '20 21:01 fforootd

Some more links

https://github.com/kubernetes/kubeadm/issues/683

https://github.com/kubernetes/kubeadm/issues/1649

fforootd avatar Jan 28 '20 21:01 fforootd

Did a basic kube-bench test... the "doing" is not that bad... I guess we should test this on a control plane to have a complete log and check the output.

citadel-kube-bench-logs.txt

thesephirot avatar Mar 06 '20 15:03 thesephirot
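One way to turn a kube-bench run into a pipeline gate, as proposed in the opening post. This is an added example, not part of the thread and not the project's code. It assumes kube-bench's plain-text report with one `[STATUS] <id> <title>` line per check; the sample report, its check IDs and titles, and the names `gate` and `accepted` are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample in the style of a kube-bench text report (not real cluster output).
SAMPLE_REPORT = """\
[INFO] 1 Constructed section heading
[INFO] 1.1 Constructed subsection heading
[PASS] 1.1.1 Constructed check title A
[FAIL] 1.1.2 Constructed check title B
[WARN] 1.1.3 Constructed check title C
[FAIL] 1.1.4 Constructed check title D
"""

# Assumed line shape: "[STATUS] <dotted id> <title>".
LINE_RE = re.compile(r"^\[(PASS|FAIL|WARN|INFO)\]\s+(\d+(?:\.\d+)*)\s+(.*)$")

def parse_report(text):
    """Return (status, check_id, title) for every line that looks like a check."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results.append(m.groups())
    return results

def gate(text, accepted=frozenset()):
    """Fail the build on any FAIL whose ID is not an explicitly accepted exception."""
    accepted = set(accepted)
    # INFO lines are section headings, not checks.
    checks = [r for r in parse_report(text) if r[0] != "INFO"]
    failed_ids = {cid for status, cid, _ in checks if status == "FAIL"}
    blocking = [(cid, title) for status, cid, title in checks
                if status == "FAIL" and cid not in accepted]
    return {
        "counts": dict(Counter(status for status, _, _ in checks)),
        "blocking": blocking,
        # Exceptions that no longer fail should be removed from the accepted list.
        "stale_exceptions": sorted(accepted - failed_ids),
        # Fail closed: an empty or unparseable report must not pass the gate.
        "ok": bool(checks) and not blocking,
    }

if __name__ == "__main__":
    # Usage: script.py <report.txt> [accepted-id ...]; without arguments the sample is used.
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    result = gate(report, accepted=sys.argv[2:])
    for cid, title in result["blocking"]:
        print(f"BLOCKING {cid} {title}")
    sys.exit(0 if result["ok"] else 1)
```

Keeping the accepted list in version control makes every exception to the benchmark a reviewed change rather than a silent skip.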