You are viewing documentation for version 1.18.x. The most current version is 1.20.x.  This documentation is available for 1.20.x.

K8s CIS Benchmark

Generating a Kubernetes CIS Benchmark report

The Kubernetes CIS Benchmark contains a number of security best practices to harden Kubernetes worker nodes.


Expanding upon the general instructions to run a report, for the Bottlerocket CIS benchmark use the identifier cis-k8s:

apiclient report cis-k8s

Adding the flag -l with the value of 2 will evaluate to the Level 2 benchmark. For example:

# Returns evaluation of CIS Benchmark Level 2
apiclient report cis-k8s -l 2

Audit and Remediation

Refer to the Kubernetes CIS Benchmark for detailed audit and remediation steps.

See a problem with this page? File an issue. All feedback is appreciated.
You can also directly contribute a change to the source file of this page on GitHub.