Kubernetes hardening guidance using Kubescape
In this section of the chapter, we will learn how to apply hardening guidance to the EKS cluster using Kubescape. Kubescape is an open source tool developed by ARMO, in line with all of the recommendations and guidance from the NSA and CISA. Kubescape tests whether a Kubernetes cluster is deployed securely according to multiple frameworks: regulatory requirements, customized company policies, and DevSecOps best practices, such as the NSA/CISA guidance and MITRE ATT&CK.
It scans not only Kubernetes clusters but also YAML files and Helm charts, and it detects misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline. To get the Kubescape recommendations for the EKS cluster, perform the following steps:
- Connect to the bastion server and install the binary of kubescape:

      $ curl -o kubescape.sh https://raw.githubusercontent.com/armosec/kubescape/master/install.sh
      $ vi kubescape.sh
      #### Look for install_dir...