Published on 00/00/0000
Last updated on 00/00/0000
Published on 00/00/0000
Last updated on 00/00/0000
Share
2 min read
Published on 03/20/2019
Last updated on 02/05/2024
Banzai Cloud PKE CIS Kubernetes benchmark
Share
At Banzai Cloud we strive to enable a secure software supply chain which ensures that applications deployed with the Pipeline platform and Pipeline Kubernetes Engine are secure, without reducing developer productivity across all environments (on-premise, multi-, hybrid-, and edge-cloud). While we have our own internal processes and a dedicated security team working full time on hardening the entire application platform stack, it also makes sense to provide confidence to our customers following industry standard benchmarks.
Today we are happy to announce that our own CNCF certified Kubernetes distribution, PKE has passed the CIS Benchmark for Kubernetes. For those unfamiliar with the CIS benchmark, it's an industry standard and objective, consensus-driven security guidelines for Kubernetes-based Software.
The Banzai Cloud PKE CIS Benchmark for Kubernetes test results are available here.
Below are a few highlights of the Banzai Cloud Pipeline security approach: All secrets, certificates are stored and generated by Vault Secrets are dynamically injected in Pods Pipeline and PKE is integrated with Dex to support multiple auth backends Provider agnostic authentication and authorization for Pipeline and PKEObviously there are lots more, if you are interested to learn more please get in touch with us, we'd be happy to chat.
The Banzai Cloud PKE CIS Benchmark for Kubernetes test results are available here.
The CIS Benchmark for Kubernetes
While there are quite a few tests and manual guidelines available, we decided to use the automated kube-bench open source tool, made by the great folks from Aqua Security.kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. The tool is now wired into our own internal release process and running continuously against PKE clusters.
Hunting for security weaknesses in Kubernetes clusters
Passing the CIS benchmarks was a great start, and provides confidence to our customers, however we are doing even more. The Aqua Security folks have open sourced another security tool - kube-hunter to increase awareness and visibility for security issues in Kubernetes environments. PKE clusters are continuously tested withkube-hunter as well, in both remote/internal scanning and also in active hunting mode, in order to attempt to exploit vulnerabilities that the tool finds. We are happy to disclose that there were no vulnerabilities found and also that we are using the tool in the Pipeline Kubernetes Engine release process.
Subscribe to
the Shift!
Get emerging insights on innovative technology straight to your inbox.
