2. Karthik Gaekwad
• Used to be a dev.
• Cloud Native Evangelist, Oracle Cloud Infrastructure
• My worlds are colliding…
• Reading K8s hardening docs.
• Here’s what I have
@iteration1
4. 3 tools you should know
• Kube-bench
• Kubesec
• KubeAudit
5. Kube-bench
• https://github.com/aquasecurity/kube-bench
• “The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices.”
• Defined by the CIS Benchmarks Docs: https://www.cisecurity.org/cis-benchmarks/
• Run it against your Kubernetes Master, or Kubernetes node.
7. Kubesec
• https://kubesec.io/ from controlplane
• Helps you quantify risk for K8s resources.
• Run against your K8s applications (deployments/pods/daemonsets etc)
• Can be used standalone, or as a kubectl plugin (https://github.com/stefanprodan/kubectl-kubesec)
9. KubeAudit
• Open-sourced by Shopify.
• https://github.com/Shopify/kubeaudit
• Helps with auditing your applications in your K8s cluster.
• Little more targeted than Kubesec.
12. Moar!
• Check the resources from this talk by Michael Hausenblas: https://speakerdeck.com/mhausenblas/kubernetes-security-from-image-hygiene-to-network-policies