Running kube-bench on OpenShift

OpenShift uses different command-line tools, so the default kube-bench test jobs cannot gather the required information from the cluster unless the OpenShift version is specified. In this recipe, you will learn how to run kube-bench on OpenShift.

Let's perform the following steps to run the CIS recommended tests:

  1. SSH into your OpenShift master node and run the following command, setting --version to ocp-3.10 or ocp-3.11 to match your OpenShift version. Currently, only 3.10 and 3.11 are supported:
$ kube-bench master --version ocp-3.11
  2. To save the results, use the following command. After the test has completed, move the kube-bench-master.txt file to your local machine for further review:
$ kube-bench master --version ocp-3.11 > kube-bench-master.txt
  3. SSH into your OpenShift worker node and repeat the first two steps of this recipe, but this time using the node parameter for the OpenShift version you are running. In our example, this is OCP 3.11:
$ kube-bench node --version ocp-3.11 > kube-bench-node.txt

Follow the Running kube-bench on Kubernetes recipe's instructions to patch security issues with the suggested remediations.
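
To review the saved kube-bench-master.txt and kube-bench-node.txt files, the following script counts the results, lists the failed check IDs, and prints the remediation text for each failure. It is an added example, not part of the original recipe or the kube-bench project; it assumes kube-bench's default plain-text report layout, and the function names and sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the recipe. Assumes kube-bench's plain-text layout:
# check lines start with [PASS]/[FAIL]/[WARN]/[INFO] and the check ID, then a
# "== Remediations" section holds one blank-line-separated entry per ID.

# Constructed sample report; check IDs and texts are illustrative only.
kb_sample() {
cat <<'EOF'
[INFO] 1 Master Node Security Configuration
[FAIL] 1.1.1 Example check A (constructed)
[PASS] 1.1.2 Example check B (constructed)
[WARN] 1.1.3 Example check C (constructed)
[FAIL] 1.2.1 Example check D (constructed)

== Remediations ==
1.1.1 Constructed remediation text for check A,
continued on a second line.

1.2.1 Constructed remediation text for check D.

== Summary ==
1 checks PASS
2 checks FAIL
1 checks WARN
EOF
}

# Print "PASS=n FAIL=n WARN=n" counted from the check lines themselves.
kb_counts() {
    awk '/^\[PASS\] [0-9]/ { p++ } /^\[FAIL\] [0-9]/ { f++ } /^\[WARN\] [0-9]/ { w++ }
         END { printf "PASS=%d FAIL=%d WARN=%d\n", p, f, w }' "$1"
}
# Print the IDs of failed checks, one per line, in report order.
kb_failed_ids() { awk '/^\[FAIL\] [0-9]/ { print $2 }' "$1"; }

# Print the remediation entry for check ID $2 from report $1.
kb_remediation() {
    awk -v id="$2" '
        /^== Remediations/ { in_rem = 1; next }
        /^== Summary/      { in_rem = 0 }
        in_rem && $1 == id { show = 1 }
        in_rem && /^$/     { show = 0 }
        in_rem && show     { print }' "$1"
}
# Usage: sh kb-triage.sh kube-bench-master.txt kube-bench-node.txt
for report in "$@"; do
    echo "== $report: $(kb_counts "$report")"
    for id in $(kb_failed_ids "$report"); do kb_remediation "$report" "$id"; done
done
```

Run with no arguments, the script only defines the functions; pipe kb_sample into a file to try it without a cluster.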