nvbench

package
v0.0.0-test Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 1 Imported by: 4

README

CIS Benchmark

CIS Benchmark output

This set of scripts can be used to check the Kubernetes installation against the best-practices.

How it trigger

When the enforcer pod start, it read the environment then deicde which benchmark it run then generated report.

Supported CIS Kubernetes Benchmark versions

CIS Kubernetes Benchmark Version Kubernetes versions
1.0.0 1.6
1.2.0 1.8
1.5.1 1.15
1.6.0 1.16 - 1.18
1.23 1.19 - 1.23
1.24 1.24
1.8.0 1.27+
CIS Kubernetes Benchmark Version on Cloud Kubernetes versions
EKS-1.4.0 Any
AKS-1.4.0 Any
GKE-1.4.0 1.24+
GKE-1.4.0 1.23
CIS OpenShift Benchmark Version OpenShift versions
1.0.0 4.3
1.1.0 4.4 - 4.5
1.4.0 4.6+

How it run?

  1. enter to your enforcer pod /tmp, you should see the following 
     /tmp # tree .

 ├── kube_master.sh
 ├── kube_worker.sh
 ├── cis-1.23
 │   ├── master
 │   │   ├── 1_control_plane_components.yaml
 │   │   ├── 2_etcd.yaml
 │   │   ├── 3_control_plane_configuration.yaml
 │   │   └── 5_policies.yaml
 │   └── worker
 │       └── 4_worker_nodes.yaml
 ├── cis-1.24
 │   ├── master
 │   │   ├── 1_control_plane_components.yaml
 │   │   ├── 2_etcd.yaml
 │   │   ├── 3_control_plane_configuration.yaml
 │   │   └── 5_policies.yaml
 │   └── worker
 │       └── 4_worker_nodes.yaml
 ├── cis-1.6.0
 │   ├── master
 │   │   ├── 1_control_plane_components.yaml
 │   │   ├── 2_etcd.yaml
 │   │   ├── 3_control_plane_configuration.yaml
 │   │   └── 5_policies.yaml
 │   └── worker
 │       └── 4_worker_nodes.yaml
 ├── cis-1.8.0
 │   ├── master
 │   │   ├── 1_control_plane_components.yaml
 │   │   ├── 2_etcd.yaml
 │   │   ├── 3_control_plane_configuration.yaml
 │   │   └── 5_policies.yaml
 │   └── worker
 │       └── 4_worker_nodes.yaml
 ├── rh-1.4.0
 │   ├── master
 │   │   ├── 1_control_plane_components.yaml
 │   │   ├── 2_etcd.yaml
 │   │   ├── 3_control_plane_configuration.yaml
 │   │   └── 5_policies.yaml
 │   └── worker
 │       └── 4_worker_nodes.yaml
 ├── utils
 │   ├── logger.sh
 │   ├── style.sh
 │   └── utils.sh
  2. sh kube_master.sh / kube_worker.sh folder => the folder represents the cis version to the environment => e.g. sh kube_master.sh /tmp/cis-1.8.0/master/
  3. if you are using the older version, kubernetes < 1.16, then you are unable to run in this way, please contact us for help.

Note

if modify Docker, Kubernetes benchmark before 1.5.1(include) or OpenShift benchmark before 1.1.0(include)

  • After update bench submodule, run gen_bench.sh to re-generate container.tmpl and host.tmpl files.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DockerLevel2 utils.Set = utils.NewSet(
	"1.2.4",
	"2.8", "2.9", "2.10", "2.11", "2.15",
	"4.5", "4.8", "4.11",
	"5.2", "5.22", "5.23", "5.29",
	"7.5", "7.6", "7.8", "7.9", "7.10",
	"8.1.5",
)
View Source 
var DockerNotScored utils.Set = utils.NewSet(
	"1.1.1", "1.1.2",
	"2.15",
	"4.2", "4.3", "4.4", "4.7", "4.8", "4.9", "4.10", "4.11",
	"5.8", "5.17", "5.23", "5.27", "5.29",
	"6.1", "6.2",
	"7.5", "7.8", "7.9", "7.10",
	"8.1.3", "8.1.4",
)
View Source 
var K8SLevel2 utils.Set = utils.NewSet(
	"1.3.6, 2.7, 3.1.1, 3.2.2, 4.2.9, 5.2.9, 5.3.2, 5.4.2, 5.5.1, 5.7.2, 5.7.3, 5.7.4",
)

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.