Benchmark: 7.1 IBM Kubernetes Service
Description
Deploy highly available containerized apps in Kubernetes clusters and use the powerful tools of IBM Cloud™ Kubernetes Service to automate, isolate, secure, manage, and monitor your workloads across zones or regions. First, create a cluster with a few clicks in the IBM Cloud console. Then, deploy your first containerized app to your cluster through the Kubernetes dashboard.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-ibm-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 7.1 IBM Kubernetes Service.
Run this benchmark in your terminal:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_7_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_7_1 --share
Benchmarks
Controls
- 7.1.2 Ensure TLS 1.2 for all inbound traffic at IBM Cloud Kubernetes Service Ingress
- 7.1.3 Ensure IBM Cloud Kubernetes Service worker nodes are updated to the latest image to ensure patching of vulnerabilities
- 7.1.4 Ensure that clusters are accessible only by using private endpoints
- 7.1.5 Ensure IBM Cloud Kubernetes Service cluster has image pull secrets enabled
- 7.1.6 Ensure IBM Cloud Kubernetes Service clusters have the monitoring service enabled
- 7.1.7 Ensure IBM Cloud Kubernetes Service clusters have the logging service enabled