The Center for Internet Security (CIS) Kubernetes Benchmark is a reference document that can be used by system administrators, security and audit professionals and other IT roles to establish a secure configuration baseline for Kubernetes. CIS Benchmarks are developed by an open community of security practitioners and licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Internal Public License. This page gather resources about CIS Kubernetes benchmark and how to implement it.
Table of Contents:
Below we have compiled publicly available sources from around the world that present views on .
The Container Security book by Liz Rice Fundamental Technology Concepts that Protect Containerized Applications
Installing Kubernetes — There are many ways to install Kubernetes Guide and the obvious starting point is the setup section, but the installation process can sometimes be a challenge. This page gathers resources about how to install Kubernetes on various environments like Ubuntu, Windows and CentOS.
Kubernetes Configuration — Kubernetes Guide reads YAML files to configure services, pods and replication controllers.This page gathers resources about working with the Kubernetes configuration to deploy containers.
Kubernetes Monitoring — Monitoring Kubernetes effectively requires to rethink and reorient all monitoring strategies, especially if using traditional hosts such as VMs or physical machines. This page gathers resources about how to monitor Kubernetes cluster with tools like Prometheus and Datadog.
Kubernetes Debugging and Troubleshooting — This page gathers resources about how to troubleshoot problems that arise when creating and managing Kubernetes Guide pods, replication controllers, services, and containers.
Kubernetes Load Balancing — Load balancing is a relatively straightforward task in many non-container environments, but it involves a bit of special handling when it comes to containers. There are two different types of load balancing in Kubernetes - Internal load balancing across containers of the same type using a label, and external load balancing. This page gathers resources about how to configure and use the Kubernetes load balancer feature.
Kubernetes Security — Kubernetes Guide provides many controls that can improve application security. Configuring them requires intimate knowledge with Kubernetes and the deployment’s security requirements. This page gathers resources about security best practices for Kubernetes, including best practices for deployment, sharing data and network security.
Kubernetes Networking — Kubernetes does not provide any default network implementation, rather it only defines the model and leaves to other tools to implement it. There are many implementations nowadays like Flannel, Calico and Weave. This page gathers resources about how to set up highly available networked Kubernetes clusters.
Kubernetes Storage Management — Storage is a critical part of running stateful containers, and Kubernetes offers powerful primitives for managing it. This page gathers resources about managing Kubernetes storage options and how to provision storage in Kubernetes.
Kubernetes in Production — The default configurations for Kubernetes Guide components are not designed for heavy and dynamic production workloads, characteristic of DevOps environments and micro-services based application deployments where containers are quickly created and destroyed. This page gathers resources about how to create a production-ready Kubernetes cluster, including examples and tutorials.
Working with Kubernetes Ingress — Kubernetes ingress is a collection of routing rules that govern how external users access services running in a Kubernetes cluster. This page will introduce general strategies in Kubernetes for ingress, tutorials on how to build and troubleshoot Kubernetes Ingress controller and more.
Kubernetes Security Best Practices — Kubernetes deployments have opened up a new set of infrastructure security https://blog.aquasec.com/managing-kubernetes-secretsconcerns for development and operations teams. This page gathers resources about things you need to know about securing your Kubernetes infrastructure.
Managing Kubernetes with Kops and Kubeadm — Kops and Kubeadm is an official Kubernetes project for managing production-grade Kubernetes clusters. This Page gathers resources about Kops and Kubeadm basics and tutorials, including how to deploy Kubernetes on AWS.
Kubernetes Secrets — Kubernetes Secrets https://blog.aquasec.com/managing-kubernetes-secrets are objects used to control access within the Kubernetes container-orchestration system. This page gathers resources about the nature of Kubernetes Secrets, how you can use them, and related tools and products.
Kubernetes Autoscaling — Kubernetes Autoscaling is a feature for scaling nodes and pods in a Kubernetes Cluster. Autoscaling tools include Cluster Autoscaler and Horizontal Pod Autoscaler (HPA). While the scaling is automated, setting it up requires human involvement. This page gathers resources about autoscaling in Kubernetes.
Kubernetes ConfigMap — The ConfigMap API resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes. ConfigMap can be used to store fine-grained information like individual properties or coarse-grained information like entire config files or JSON blobs. This page gather resources about Kubrenetes ConfigMap and how to create and use it.
Kubernetes Namespace — Kubernetes uses a concept called namespaces to help address the complexity of organizing objects within a cluster. Namespaces allow you to group objects together so you can filter and control them as a unit. This page gather resources about Kubrenetes namespace and how to use namespaces to manage your Kubernetes objects.
Kubernetes Authentication — Kubernetes offers a variety of authentication strategies including: client certificates, OpenID Connect Tokens, Webhook Token Authentication, Authentication Proxy, Service Account Tokens, and several more. This page gather resources about Kubernetes authentication and how to configure it.
Kubernetes Vault — Vault is a tool for managing sensitive data like passwords, access keys, and certificates. Vault allows us to decouple secrets from applications. Vault has built-in support for Kubernetes and can use Kubernetes APIs to verify the identity of an application. This page gather resources about Kubernetes Vault and how to use it.
CIS Kubernetes Benchmark — The Center for Internet Security (CIS) Kubernetes Benchmark is a reference document that can be used by system administrators, security and audit professionals and other IT roles to establish a secure configuration baseline for Kubernetes. CIS Benchmarks are developed by an open community of security practitioners and licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Internal Public License. This page gather resources about CIS Kubernetes benchmark and how to implement i