CIS Kubernetes Benchmarks

The Center for Internet Security (CIS) provides the CIS Kubernetes Benchmarks for each Kubernetes release. These benchmarks comprise a comprehensive set of recommendations targeted at enhancing Kubernetes security configuration. Designed to align with industry regulations, CIS Benchmarks set standards that meet diverse compliance requirements, and their universal applicability across Kubernetes distributions helps fortify such environments while fostering a robust security posture.

MKE 4k is evaluated against the CIS Kubernetes Benchmark for Kubernetes 1.32. All benchmark controls categorized as FAIL are remediated in the default/hardened configuration. Some WARN-level recommendations may remain, depending on deployment architecture and operational requirements.

Note

  • The CIS Benchmark results detailed herein are verified against MKE 4k 4.1.3.
  • Mirantis has based its handling of Kubernetes benchmarks on CIS Kubernetes Benchmark v1.11.0.

The CIS Benchmarks sections are organized as follows:

1. Control plane security configuration
2. etcd node configuration
3. Control plane configuration
4. Worker node security configuration
5. Kubernetes policies