Currently, this tool makes assumptions about binary and config file locations that are not congruent with snap-based component installation. This leads to multiple false-positives, making it easy to miss actual configuration problems. There's an upstream PR to address this:
When a snap-based config is used, there are valid issues with the default configuration of k8s snaps used in charmed kubernetes. Let's use this bug to address those.
kube-bench is a convenient tool to check if K8s is deployed according to the CIS k8s benchmarks for security best practices:
https:/ /blog.aquasec. com/kubernetes- security- cis-benchmarks
Currently, this tool makes assumptions about binary and config file locations that are not congruent with snap-based component installation. This leads to multiple false-positives, making it easy to miss actual configuration problems. There's an upstream PR to address this:
https:/ /github. com/aquasecurit y/kube- bench/pull/ 389
When a snap-based config is used, there are valid issues with the default configuration of k8s snaps used in charmed kubernetes. Let's use this bug to address those.